[Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]

[Razorhunter]

I had upgrade my Ubuntu 19.10 to 20.04 Beta and caught this exception when trying to connect to MSSQL server. Previously it worked in Ubuntu 19.10.

SQL Server : 12.0.4100.1
PHP : 7.1.33
OS: Ubuntu 20.04 Beta

Anybody can help me, I'm really appreciate it. Thank You

[yitam]

Just so you know, @Razorhunter , we do not officially support Ubuntu 20.04 yet.

That being said, have you tried connecting to another SQL Server instance? Say SQL Server 2017 or later? I suspect it might be related to #1021

[Razorhunter]

@yitam For the time being, we only got production SQL Server 2014 and we didn't plan to upgrade to the newest version. There are no other workaround for it for the time being?

[yitam]

hi @Razorhunter please check the comments in #1021 and #1023 for various options or workarounds

[yitam]

FYI, @Razorhunter

I just did a brief test. I have no problem connecting to SQL Server 2017 or above from Ubuntu 20.04.

For further explanation, please check our reply to a similar issue.

But if upgrading your server is not an option for you now, this suggestion for Debian might help you.

Save a backup /etc/ssl/openssl.cnf first and then modify the file by following the steps below (disclaimer: doing this may compromise the security):

1. Add openssl_conf = default_conf near the top
2. Add the following at the end:

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=1 

But if your SQL Server does not yet support TLSv1.2, it's highly recommended that you follow the instructions to update. Again, if you do not plan to upgrade yet, you may change the line MinProtocol = TLSv1.2 to TLSv1.0 (it's your choice but not recommended)

[yitam]

Any update, @Razorhunter ?

[Razorhunter]

@yitam Just want you to know, I did successfully connect to the MSSQL 2017 with Ubunt 20.04. Seems like you previous suggestion using MSSQL 2017 and above is a correct way for now. I had move my staging server to new VM and installed MSSQL2017 for now. The production server remains using MSSQL 2014. Tq for your help

[yitam]

You're welcome @Razorhunter
Closing this issue now, and please feel free to reopen if necessary

[ludufre]

I have this problem with an outdated SQL Server connecting from Oracle Linux 8.2.

The location to change MinProtocol: /etc/crypto-policies/back-ends/opensslcnf.config

[esundberg]

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf
1st line in the file added
openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

[Razorhunter]

@esundberg thank you...i tried your solution and IT WORKS!!! ... thanks a lot...very appreciate it

[satarasov]

@esundberg thanks a lot, saved my day!

[githubjeka]

If you use docker:

1. Get https://github.com/openssl/openssl/blob/master/apps/openssl.cnf and save as openssl.cnf
2. Add to end file

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

3. Add to Dockerfile the row

COPY openssl.cnf /etc/ssl/openssl.cnf

4. Rebuild image and run container

[daveschafer]

If you use docker:

1. Get https://github.com/openssl/openssl/blob/master/apps/openssl.cnf and save as `openssl.cnf`

2. Add to end file

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

1. Add to Dockerfile the row

COPY openssl.cnf /etc/ssl/openssl.cnf

1. Rebuild image and run container

This almost worked perfectly for my use case (docker on Ubuntu 2004 connecting to SQL Server 2014).
But I had to replace the Line 17 with this to get it working:

#openssl_conf = openssl_init
openssl_conf = default_conf

[githubjeka]

To history, Line 17 is https://github.com/openssl/openssl/blob/e45d943665e806ff49d06cfbdd566a8e2d57d56d/apps/openssl.cnf#L17

[MaguiTai]

#1112 (comment)
.... MAGIK ....
thanks

[himalayantechies]

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf
1st line in the file added
openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

Hi,
I did that , but still I am getting the same error.
Server : Ubuntu 20.04.1 LTS
SQL Server: Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
Changed openssl.cnf
Apache2 restarted
Didnt work,
Changed MinProtocol = TLSv1.2 to TLSv1.0
Didnt work

[himalayantechies]

FYI, @Razorhunter

I just did a brief test. I have no problem connecting to SQL Server 2017 or above from Ubuntu 20.04.

For further explanation, please check our reply to a similar issue.

But if upgrading your server is not an option for you now, this suggestion for Debian might help you.

Save a backup /etc/ssl/openssl.cnf first and then modify the file by following the steps below (disclaimer: doing this may compromise the security):

1. Add `openssl_conf = default_conf` near the top

2. Add the following at the end:

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=1 

But if your SQL Server does not yet support TLSv1.2, it's highly recommended that you follow the instructions to update. Again, if you do not plan to upgrade yet, you may change the line MinProtocol = TLSv1.2 to TLSv1.0 (it's your choice but not recommended)

Hi,
I did that , but still I am getting the same error.
Server : Ubuntu 20.04.1 LTS
SQL Server: Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
Changed openssl.cnf
Apache2 restarted
Didnt work,
Changed MinProtocol = TLSv1.2 to TLSv1.0
Didnt work

[yitam]

Hi @himalayantechies

Note that we no longer support SQL Server 2008 or 2008 R2. Please consider upgrading your server or using an older Ubuntu version, such as 18.04 LTS.

[himalayantechies]

Hi @himalayantechies

Note that we no longer support SQL Server 2008 or 2008 R2. Please consider upgrading your server or using an older Ubuntu version, such as 18.04 LTS.

Thanks

[linuxkathirvel]

MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf
1st line in the file added
openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

This solution is working fine for me on Debian 10.

[linuxkathirvel]

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf
1st line in the file added
openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

Thanks @esundberg

[luizcantoni]

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf
1st line in the file added
openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

I have an instance of SQL Server 2005 and I did exactly what is described above and it works. Thanks!

[kazzi58]

Please add this line to the place/file you have configured your settings:

options: { encrypt: false }

[luisecia]

Obrigado luizcantoni
Duas noites enganxado nessa parada.

[glrvrl]

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=1

i using laradock / php-fpm:
in my case, MinProtocol = TLSv1.2 to MinProtocol = TLSv1.0 worked, you may experience a similar situation

[Aristiklever-R-Sousa]

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf 1st line in the file added openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

I have tried this, but didn't worked...
My configs:
SO: Ubuntu 22.04.1 LTS
PHP 8.1.2-1ubuntu2.8 (with Driver ODBC 17)
SQL Server: Microsoft SQL Server 2012 - 11.0.2100.60 (x64)

[manhthang2504]

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

My case, in order to work, the CipherString must be:
CipherString = ALL:@SECLEVEL=0

[giagara]

This was helpful.
Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv
We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.
Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error
edit: /etc/ssl/openssl.cnf 1st line in the file added openssl_conf = default_conf
End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

I have tried this, but didn't worked... My configs: SO: Ubuntu 22.04.1 LTS PHP 8.1.2-1ubuntu2.8 (with Driver ODBC 17) SQL Server: Microsoft SQL Server 2012 - 11.0.2100.60 (x64)

did you find a solution?

[yhb598712]

ubuntu: 22.04
odbc: 17
php: 8.1
sqlserver: 2012

/etc/ssl/openssl.cnf

my case: change last CipherString
CipherString = DEFAULT:@SECLEVEL=2
to
CipherString = DEFAULT:@SECLEVEL=0
or
CipherString = ALL:@SECLEVEL=0

both Works

[yhb598712]

This was helpful.
Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv
We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.
Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error
edit: /etc/ssl/openssl.cnf 1st line in the file added openssl_conf = default_conf
End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

I have tried this, but didn't worked... My configs: SO: Ubuntu 22.04.1 LTS PHP 8.1.2-1ubuntu2.8 (with Driver ODBC 17) SQL Server: Microsoft SQL Server 2012 - 11.0.2100.60 (x64)

did you find a solution?
ubuntu22.04 php8.1 odbc17 edit /etc/ssl/openssl.conf last line to
CipherString = DEFAULT:@SECLEVEL=0

[ccskevin32]

The openssl_conf = default_conf solution worked for me with ubuntu 20.04 and odbc 18 connecting to sql server 2008 R2

[vladauniver]

This was helpful.
Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv
We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.
Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error
edit: /etc/ssl/openssl.cnf 1st line in the file added openssl_conf = default_conf
End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

I have tried this, but didn't worked... My configs: SO: Ubuntu 22.04.1 LTS PHP 8.1.2-1ubuntu2.8 (with Driver ODBC 17) SQL Server: Microsoft SQL Server 2012 - 11.0.2100.60 (x64)

did you find a solution?
ubuntu22.04 php8.1 odbc17 edit /etc/ssl/openssl.conf last line to
CipherString = DEFAULT:@SECLEVEL=0

this solution works for me on linux mint 21.1 :)

[0neCigarettes]

[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

My case, in order to work, the CipherString must be: CipherString = ALL:@SECLEVEL=0

this solution works for me on Ubuntu-20.04 php 7.3.

[Fenozo]

FROM ubuntu:20.04
USER root
WORKDIR /var/www

RUN apt update -y && apt upgrade -y && apt-get update
RUN apt install -y curl
RUN apt install -y python3.8
RUN apt install -y git
RUN apt install -y python3-pip
RUN apt-get install gcc

PYODBC DEPENDENCES

ADD odbcinst.ini /etc/odbcinst.ini
RUN apt-get install -y tdsodbc unixodbc-dev
RUN apt-get install unixodbc -y
&& apt-get install freetds-dev -y
&& apt-get install freetds-bin -y
&& apt-get install --reinstall build-essential -y
RUN apt-get clean -y

RUN apt-get update
&& apt-get install -y curl apt-transport-https

RUN apt install -y unixodbc-dev

ENV STATIC_URL /static
ENV STATIC_PATH /var/www/app/static

RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -

RUN curl https://packages.microsoft.com/config/debian/11/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update
RUN ACCEPT_EULA=Y apt-get install -y --allow-unauthenticated msodbcsql17
RUN ACCEPT_EULA=Y apt-get install -y --allow-unauthenticated mssql-tools
RUN echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile
RUN echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc

RUN echo "[ODBC Driver 17 for SQL Server]\n
Description=Microsoft ODBC Driver 17 for SQL Server\n
Driver=/opt/microsoft/msodbcsql17/lib64/libmsodbcsql-17.5.so.2.1\n
UsageCount=1" >> /etc/odbcinst.ini

RUN python3 -m pip install flask
RUN python3 -m pip install Flask-Cors

RUN Add openssl_conf = default_conf

RUN chmod +rwx /etc/ssl/openssl.cnf
RUN [default_conf] ssl_conf = ssl_sect >> /etc/ssl/openssl.cnf
RUN [ssl_sect] system_default = system_default_sect >> /etc/ssl/openssl.cnf

RUN [system_default_sect] >> /etc/ssl/openssl.cnf
RUN echo MinProtocol = TLSv1 >> /etc/ssl/openssl.cnf
RUN echo CipherString = DEFAULT@SECLEVEL=1 >> /etc/ssl/openssl.cnf

RUN apt update -y
COPY ./requirements.txt /var/www/requirements.txt
RUN python3 -m pip wheel -r /var/www/requirements.txt
RUN python3 -m pip install pyodbc
RUN python3 -m pip install python-dotenv
RUN python3 -m pip install flask-socketio
RUN python3 -m pip install flask_session
RUN python3 -m pip install bcrypt
RUN python3 -m pip install fpdf
RUN python3 -m pip install qrcode
RUN python3 -m pip install pytz
RUN python3 -m pip install numpy
RUN python3 -m pip install python-math
RUN python3 -m pip install threaded
RUN python3 -m pip install babel
RUN python3 -m pip install pymssql

EXPOSE 9900

CMD ["python3", "app.py"]

this dockerfile has problem when connecting pyodbc

[hongbo-miao]

@yhb598712 's solution works for me, really appreciate! ☺️

In my case, I am using dbt to connect Microsoft SQL Server 2008 R2 (SP2) owned by vendor.

My machine is Ubuntu 22.04.1 and has ODBC Driver 18 for SQL Server installed.

sudo nano /etc/ssl/openssl.cnf

Change last CipherString line from

CipherString = DEFAULT:@SECLEVEL=2

to

CipherString = DEFAULT:@SECLEVEL=0

works for me!

[FriskaSepta]

This was helpful.

Ubuntu 20.04 PHP 7.4 using the 19.10 drivers for sqlsrv

We have a real old SQL server out there . The SQL Server show's version 10.50.2550.0, i think it's SQL Server 2008 R2. I had to use TLSv1 to connect to the server. I also had to do a "systemctl restart apache2" to get it to take affect. TLSv1.1 did not work with my MSSQL server version.

Error message: Connection failed: SQLSTATE[08001]: [Microsoft][ODBC Driver 17 for SQL Server]SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]Database Connection Error

edit: /etc/ssl/openssl.cnf 1st line in the file added openssl_conf = default_conf

End of file added

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1

Not 100% sure why i had to restart apache2 for it to take effect, but I had to.

systemctl restart apache2

reloaded the page and it works

This Work. PHP 8.1 - Ubuntu 20 - Apache

[CaledoniaProject]

To avoid update to latest SPs, these general instructions should work on any linux

1. Look for system_default string and find the default configuration
2. Locate CipherString and MinProtocol in all configuration files, also the included files, e.g /etc/crypto-policies/back-ends/opensslcnf.config
3. Change them accordingly

Works on latest Ubuntu/AMZN/CentOS server, reload php-fpm or httpd afterwards, effects immediately.

[lupainformatica]

I'am having the same issue here.

Debian 12 (bookworm)
OpenSSL 3.0.11
SqlSrv Version 18.2.0001.1