Software & AppsOperating SystemLinux

Fixing SSL Provider Error When Connecting to SQL Server on Ubuntu 20.04

Ubuntu 17

In this article, we’ll be discussing how to resolve the “SSL Provider: [error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol]” error that you may encounter when using Microsoft ODBC Driver 17 for SQL Server on Ubuntu 20.04. This error generally arises due to a mismatch between the SSL/TLS protocols supported by your system and the remote SQL Server.

Understanding the Error

The SSL Provider error typically indicates a problem with the SSL/TLS protocol version. The SQL Server you’re trying to connect to may not support the version of SSL/TLS that your client system (in this case, Ubuntu 20.04) is using.

Solution 1: Update OpenSSL

The first solution to consider is updating OpenSSL on your Ubuntu system. OpenSSL is a robust, full-featured open-source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

  1. Download OpenSSL: Download the source tar.gz file from the OpenSSL website. For example, openssl-1.1.1p.tar.gz.
  2. Extract the downloaded file: Use the tar command to extract the file:
    tar -zxvf openssl-1.1.1p.tar.gz
    This command extracts the contents of the tar.gz file. The -zxvf option stands for ‘z’ (decompress the archive), ‘x’ (extract the files), ‘v’ (verbose mode, to show the progress), and ‘f’ (use archive file).
  3. Navigate to the extracted directory:
    cd openssl-1.1.1p
    The cd command is used to change the current directory to the specified one.
  4. Configure the installation: Run the ./config command to configure the OpenSSL installation.
  5. Build and install OpenSSL: Use the make command to compile the source code, and sudo make install to install the compiled program.
  6. Update the dynamic linker’s links and cache: Run sudo ldconfig to ensure the system recognizes the newly installed OpenSSL.
  7. Verify the installation: Run openssl version to check the installed version of OpenSSL.

Solution 2: Check Cipher Support

Another potential issue could be a mismatch in the cipher suites supported by your system and the SQL Server. You can use the nmap command to check the supported ciphers on both your system and the SQL Server.

nmap --script ssl-enum-ciphers localhost
nmap --script ssl-enum-ciphers <DB SERVER IP>

The nmap command is a network scanning tool. The --script ssl-enum-ciphers option tells nmap to enumerate the SSL ciphers supported by the target.

Solution 3: Modify OpenSSL Configuration

If the server only supports a lower version of SSL/TLS, you can modify the OpenSSL configuration to use a lower version of the protocol.

Edit the openssl.cnf file:

sudo nano /etc/ssl/openssl.cnf

This command opens the OpenSSL configuration file in the nano text editor with root permissions.

Add the following lines to the file:

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1

These lines configure OpenSSL to use a minimum protocol version of TLSv1.0 and a security level that allows for a broader range of ciphers.

Solution 4: Downgrade OpenSSL

If none of the above solutions work, you may need to downgrade OpenSSL to a version that supports the required protocol. You can follow the steps in Solution 1, but download an older version of OpenSSL instead.

Conclusion

After trying these solutions, attempt to connect to the remote SQL Server using the sqlcmd command again. If the error persists, you may need to seek further assistance or consult the documentation for the specific SQL Server version you are using.

Remember, the security of your connections is paramount, so ensure that any changes made do not compromise the security of your system or data.

What is the Microsoft ODBC Driver 17 for SQL Server?

The Microsoft ODBC Driver 17 for SQL Server is a driver that allows applications to connect to SQL Server databases using the Open Database Connectivity (ODBC) API. It provides a way for applications to interact with SQL Server and perform various operations such as querying, inserting, updating, and deleting data.

How can I check the version of Ubuntu I am running?

To check the version of Ubuntu you are running, you can use the following command in the terminal:

lsb_release -a

This command will display detailed information about your Ubuntu distribution, including the version number.

What is OpenSSL?

OpenSSL is a widely-used open-source software library that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It provides cryptographic functions and tools for secure communication over computer networks. OpenSSL is commonly used in applications that require secure connections, such as web servers, email servers, and database servers.

How can I install a specific version of OpenSSL?

To install a specific version of OpenSSL, you can follow the steps mentioned in Solution 1. Instead of downloading the latest version from the OpenSSL website, you can download the source tar.gz file of the specific version you want to install. Then, proceed with the extraction, configuration, compilation, and installation steps as described. Make sure to verify the installation afterward using the openssl version command.

How can I edit a file using the nano text editor with root permissions?

To edit a file using the nano text editor with root permissions, you can use the sudo command followed by nano and the file path. For example:

sudo nano /etc/ssl/openssl.cnf

This command opens the specified file (/etc/ssl/openssl.cnf in this case) in the nano text editor with root privileges, allowing you to make the necessary changes and save the file.

Leave a Comment

Your email address will not be published. Required fields are marked *