Error 1425f102 ssl

Closed

Razorhunter opened this issue Apr 4, 2020 · 28 comments

@Razorhunter

I upgraded my Ubuntu 19.10 to 20.04 Beta and caught this exception when trying to connect to MSSQL server. Previously it worked in Ubuntu 19.10.

SQL Server : 12.0.4100.1
PHP : 7.1.33
OS: Ubuntu 20.04 Beta

Can anybody help me? I would really appreciate it. Thank you.

@yitam

Just so you know, @Razorhunter , we do not officially support Ubuntu 20.04 yet.

That being said, have you tried connecting to another SQL Server instance? Say SQL Server 2017 or later? I suspect it might be related to #1021

@Razorhunter

@yitam For the time being, we only have a production SQL Server 2014 and we don't plan to upgrade to the newest version. Is there no other workaround for it for the time being?

@yitam

FYI, @Razorhunter

I just did a brief test. I have no problem connecting to SQL Server 2017 or above from Ubuntu 20.04.

For further explanation, please check our reply to a similar issue.

But if upgrading your server is not an option for you now, this suggestion for Debian might help you.

Save a backup of /etc/ssl/openssl.cnf first and then modify the file by following the steps below (disclaimer: doing this may compromise the security):

  1. Add openssl_conf = default_conf near the top
  2. Add the following at the end:

```
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=1
```

But if your SQL Server does not yet support TLSv1.2, it’s highly recommended that you follow the instructions to update. Again, if you do not plan to upgrade yet, you may change the line MinProtocol = TLSv1.2 to TLSv1.0 (it’s your choice but not recommended)

@Razorhunter

@yitam Just want you to know, I did successfully connect to MSSQL 2017 with Ubuntu 20.04. It seems your previous suggestion of using MSSQL 2017 and above is the correct way for now. I have moved my staging server to a new VM and installed MSSQL 2017 for now. The production server remains on MSSQL 2014. Thanks for your help

@yitam

You’re welcome @Razorhunter
Closing this issue now, and please feel free to reopen if necessary

@ludufre

I have this problem with an outdated SQL Server connecting from Oracle Linux 8.2.

The location to change MinProtocol: /etc/crypto-policies/back-ends/opensslcnf.config

@esundberg

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there. The SQL Server shows version 10.50.2550.0, I think it’s SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a «systemctl restart apache2» to get it to take effect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf
1st line in the file added

```
openssl_conf = default_conf
```

End of file added

```
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
```

Not 100% sure why I had to restart apache2 for it to take effect, but I had to.

```
systemctl restart apache2
```

reloaded the page and it works

@Razorhunter

@esundberg thank you… I tried your solution and IT WORKS!!! … thanks a lot… I really appreciate it

@githubjeka

If you use docker:

  1. Get https://github.com/openssl/openssl/blob/master/apps/openssl.cnf and save as openssl.cnf
  2. Add to the end of the file:

```
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
```

  3. Add this row to the Dockerfile:

```
COPY openssl.cnf /etc/ssl/openssl.cnf
```

  4. Rebuild image and run container

@daveschafer

This almost worked perfectly for my use case (docker on Ubuntu 2004 connecting to SQL Server 2014).
But I had to replace the Line 17 with this to get it working:

#openssl_conf = openssl_init
openssl_conf = default_conf

@himalayantechies

Hi,
I did that, but I am still getting the same error.
Server: Ubuntu 20.04.1 LTS
SQL Server: Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
Changed openssl.cnf
Apache2 restarted
Didn't work.
Changed MinProtocol = TLSv1.2 to TLSv1.0
Didn't work

@yitam

Hi @himalayantechies

Note that we no longer support SQL Server 2008 or 2008 R2. Please consider upgrading your server or using an older Ubuntu version, such as 18.04 LTS.

@himalayantechies

Thanks

@linuxkathirvel

MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

This solution is working fine for me on Debian 10.

@linuxkathirvel

Thanks @esundberg

@luizcantoni

I have an instance of SQL Server 2005 and I did exactly what is described above and it works. Thanks!

@kazzi58

Please add this line to the place/file you have configured your settings:

options: { encrypt: false }

@luisecia

Thanks, luizcantoni.
I was stuck on this for two nights.

@glrvrl

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=1

I am using laradock / php-fpm:
in my case, changing MinProtocol = TLSv1.2 to MinProtocol = TLSv1.0 worked; you may experience a similar situation

@Aristiklever-R-Sousa

I have tried this, but it didn’t work…
My configs:
OS: Ubuntu 22.04.1 LTS
PHP 8.1.2-1ubuntu2.8 (with Driver ODBC 17)
SQL Server: Microsoft SQL Server 2012 - 11.0.2100.60 (x64)

@manhthang2504

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

In my case, in order to work, the CipherString must be:
CipherString = ALL:@SECLEVEL=0

@giagara

> I have tried this, but it didn’t work… My configs: OS: Ubuntu 22.04.1 LTS, PHP 8.1.2-1ubuntu2.8 (with Driver ODBC 17), SQL Server: Microsoft SQL Server 2012 - 11.0.2100.60 (x64)

did you find a solution?

Recently I had a strange situation. With my browser I was able to open the health check of a legacy webservice, but curl (and the PHP application that used libcurl) was unable to reach it. Running curl in Docker also ended with the same error: unsupported protocol.

Based on the error, I got the scary feeling that the webservice was using an old version of the SSL protocol (for example TLS 1.1). So I used the OpenSSL client to check which SSL protocol was supported. TLS 1.0 was the ‘best’ available option. Specifying the --tlsv1.0 and --insecure options in my curl request did not solve anything.

After diving in deeper I learned that the OpenSSL library (which is used by curl) has its own configuration file and that this file is not located in /etc but in /usr/lib/ssl/openssl.conf (Debian based distros). In the file I found the following configuration line:

MinProtocol = TLSv1.2

After changing the MinProtocol to TLSv1.0, curl works like a charm!

A critical note: Using older protocols should never be your first choice. Changing the MinProtocol version option allows your applications (with OpenSSL bindings) to connect in an insecure way to all endpoints. In this situation the legacy application was only reachable via a site-to-site VPN, but changing this option also impacts the connection to all other endpoints and applications.

For RHEL based distros the file seems to be located in /etc/pki/tls/openssl.cnf (I haven’t tested this).

For people who are using a Docker image based on Debian, you will find the same location inside your container. Change the setting via some commands in your Dockerfile.
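Because the MinProtocol and CipherString edits discussed above apply to every OpenSSL client on the host, it helps to be able to detect them. The following is an added example, not code from the thread or from any project mentioned here: a Python check that follows the openssl_conf -> ssl_conf -> system_default chain, reports lowered defaults, and catches the case where the appended sections are never read because the top-level pointer names a different section. The function names, the TLSv1.2 / SECLEVEL 2 baseline and both sample configurations are assumptions made for the example.

```python
import re

# Protocol names in ascending strength; list position is used for comparison.
KNOWN_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
BASELINE_PROTOCOL, BASELINE_SECLEVEL = "TLSv1.2", 2   # assumed baseline

def parse_openssl_cnf(text):
    """Parse into {section: {key: value}}; keys before any header go in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def active_system_default(sections):
    """Follow openssl_conf -> ssl_conf -> system_default; None if a link is missing."""
    node = sections["default"]
    for pointer in ("openssl_conf", "ssl_conf", "system_default"):
        target = node.get(pointer)
        if target not in sections:
            return None
        node = sections[target]
    return node

def audit(text):
    """Return a list of findings for one openssl.cnf."""
    sections = parse_openssl_cnf(text)
    active = active_system_default(sections)
    if active is None:
        orphaned = any("MinProtocol" in s or "CipherString" in s
                       for s in sections.values())
        return ["TLS defaults present but not reachable from openssl_conf"] if orphaned else []
    findings = []
    proto = active.get("MinProtocol")
    if proto is not None and proto not in KNOWN_PROTOCOLS:
        # Reported rather than interpreted: check it against your OpenSSL build.
        findings.append(f"MinProtocol value not recognised: {proto}")
    elif proto is not None and KNOWN_PROTOCOLS.index(proto) < KNOWN_PROTOCOLS.index(BASELINE_PROTOCOL):
        findings.append(f"MinProtocol lowered to {proto}")
    level = re.search(r"@SECLEVEL=(\d+)", active.get("CipherString", ""))
    if level and int(level.group(1)) < BASELINE_SECLEVEL:
        findings.append(f"SECLEVEL lowered to {level.group(1)}")
    return findings

# Constructed sample: the edit described in the thread, applied correctly.
WEAKENED = """openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
"""
# Constructed sample: sections appended, but the pointer names another section.
ORPHANED = WEAKENED.replace("openssl_conf = default_conf",
                            "openssl_conf = openssl_init\n[openssl_init]\nproviders = provider_sect")

if __name__ == "__main__":
    print(audit(WEAKENED), audit(ORPHANED))
```

OpenSSL also reads the file named by the OPENSSL_CONF environment variable, so a copy of the configuration that is scoped to a single service can be audited the same way.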

Description
This article explains how to fix the issue when a FortiGate unit is configured for LDAP authentication and gets the error message below: ‘error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol’
[934] __ldap_connect-tcps_connect(x.x.x.x) failed: ssl_connect() failed: 5 (error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol).

Solution

When LDAP is configured on the FortiGate unit and it cannot authenticate with the LDAP server properly, in particular in case:
- The LDAP setting on FortiGate is correct, but the FortiGate unit cannot authenticate with the LDAP server properly.
- There is an LDAP authentication issue after an upgrade of the firmware version to v6.0.2 and above.

Run the following CLI commands to check:

# diagnose debug disable
# diagnose debug reset
# diagnose debug application fnbamd -1
# diagnose debug enable
# diagnose test authserver ldap  <servername>  <username>  <password>

The issue is present when the message below shows up:

“error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol”

From the full message:

[934] __ldap_connect-tcps_connect(x.x.x.x) failed: ssl_connect() failed: 5 (error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol).


Example of logs.

[1139] __fnbamd_cfg_get_ldap_list_by_group-Loading LDAP server ‘TEST24’ for usergroup ‘VPN-Degaudenz-C3-GR’ (12)
[1607] fnbamd_ldap_init-search filter is: sAMAccountName=testUser
[1616] fnbamd_ldap_init-search base is: dc=testgroup,dc=local
[991] __fnbamd_ldap_dns_cb-Resolved TEST24 (idx 0) to 10.10.24.15
[1059] __fnbamd_ldap_dns_cb-Still connecting.
[556] create_auth_session-Total 1 server(s) to try
[214:root:c2]fam_auth_send_req_internal:453 fnbam_auth return: 4
[934] __ldap_connect-tcps_connect(10.10.24.5) failed: ssl_connect() failed: 5 (error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol).
[770] __ldap_try_next_server-LDAP TEST24′ conn failed, svr: 10.10.24.5.
[736] __ldap_error-
[725] __ldap_stop-svr ‘TEST24’

SOLUTION:

1) To fix this issue, run the following CLI commands on FortiGate unit:

#config system global
set ssl-min-proto-version TLSv1
end

Or configure the minimum SSL version to follow the LDAP server with:

#config system global
set ssl-min-proto-version <version>
end

Version
SSLv3      SSLv3.
TLSv1      TLSv1.
TLSv1-1    TLSv1.1.
TLSv1-2    TLSv1.2.

2) Check SSL minimum proto version on FortiGate unit with:

config system global
get

And check under:

ssl-min-proto-version:


2.1) Then configure SSL minimum proto version at LDAP server to be the same as FortiGate unit.

After upgrading MySQL ODBC drivers (to, for example, connect to MySQL 8.0), old tasks connecting to MySQL 5.5/5.6/5.7 as sources fail. 

Error:

Cannot connect to ODBC provider,RetCode: SQL_ERROR SqlState: HY000 NativeError: 2026 Message:
[MySQL][ODBC 8.0(w) Driver]SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Environment:

Qlik Replicate 

Resolution:

With MySQL ODBC Client 5.3 or higher, the internal parameters must be set to point at the correct driver.

First, locate the exact name of the driver in the Windows ODBC Data Source Administrator.

  1. Open the Windows ODBC Data Source Administrator
  2. Open the Drivers tab
  3. Scroll to your MySQL ODBC driver. Example: MySQL ODBC 8.0 Unicode Driver
  4. Copy MySQL ODBC 8.0 Unicode Driver. This will be the name we use for the internal parameter.

Then set the Internal Parameter in Qlik Replicate. 

  1. In the Qlik Replicate Web Console, go to Manage Endpoint
  2. Locate your MySQL Source or Target that is failing with the connection error
  3. Switch to the Advanced tab
  4. Click Internal Parameters
  5. In the top search bar, type provider (for source) or driver (for target)
  6. Click the suggestion. It will add a Parameter to define.
  7. In Value, paste the name of your driver, replacing the <x.x> with the actual version:  MySQL ODBC 
  8. Click OK

March 6

How to fix curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

With the move to new SSL standards, new systems do not support ssl 1.0, and some old machines will never be updated to new certificates, so we lower the minimum requirements, in Debian 10 for example like this:

nano /usr/lib/ssl/openssl.conf

and change

MinProtocol = TLSv1.2

to
MinProtocol = TLSv1.0
Published 06.03.2021 by admin in the category "Uncategorized"
