Disabled SSL on SQL Server, now connection fails

Submitted by: @import:stackexchange-dba

Problem

I have a customer that is worried about the latest SSL vulnerability, POODLE. They have a utility (IIS Crypto 1.4) that disables SSL 2.0-3.0 on the servers they run it on. They have disabled SSL on both the server my service is running on and the remote SQL Server. The SQL connection string is pretty standard:

```
Server=myServerIPAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;
```


When my service starts it tries to perform a Linq to SQL query and gets the error:


```
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)
```

If they re-enable SSL on the SQL Server it works fine. My program is a Windows Service built on .NET 3.5. What is the cause of this error, and where can I make adjustments so my service will run?

Edit: Below is the stack trace that is spit out by my program when it tries to load:

```
System.Data.SqlClient.SqlException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.ConsumePreLoginHandshake(Boolean encrypt, Boolean trustServerCert, Boolean& marsCapable)
at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject)
at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owning
```

Solution

You are using SQL Authentication. This requires the use of a self-signed SSL certificate, which is provided by the SQL Server so that the client can encrypt the authentication packets of the connection process.

My guess, no SSL breaks this process.

Context

StackExchange Database Administrators Q#80756, answer score: 4
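
Added example, not part of the original question or answer: a parser for the option table of a TDS PRELOGIN payload (layout and ENCRYPTION values per the MS-TDS specification) that reports what the server's ENCRYPTION value means for the handshake the stack trace fails in. The function names and the sample payload are constructed for illustration.

```python
import struct

# PRELOGIN option tokens and ENCRYPTION values as defined in MS-TDS
TOKENS = {0x00: "VERSION", 0x01: "ENCRYPTION", 0x02: "INSTOPT", 0x03: "THREADID", 0x04: "MARS"}
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON", 0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
TERMINATOR = 0xFF

def parse_prelogin(payload: bytes) -> dict:
    """Parse the option table of a PRELOGIN payload (8-byte TDS header already stripped)."""
    options, pos = {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("option table not terminated")
        token = payload[pos]
        if token == TERMINATOR:
            return options
        if pos + 5 > len(payload):
            raise ValueError("truncated option header")
        # Each entry: token (1 byte), offset and length (big-endian 16-bit each)
        offset, length = struct.unpack_from(">HH", payload, pos + 1)
        if offset + length > len(payload):
            raise ValueError("option data outside payload")
        options[TOKENS.get(token, hex(token))] = payload[offset:offset + length]
        pos += 5

def tls_plan(payload: bytes) -> str:
    """Describe what the ENCRYPTION value in a server PRELOGIN response implies."""
    data = parse_prelogin(payload).get("ENCRYPTION")
    if data is None or len(data) != 1 or data[0] not in ENCRYPTION:
        raise ValueError("missing or malformed ENCRYPTION option")
    name = ENCRYPTION[data[0]]
    if name == "ENCRYPT_NOT_SUP":
        return name + ": no TLS handshake, login packet is not TLS-protected"
    if name == "ENCRYPT_OFF":
        return name + ": TLS handshake runs, only the login packet is encrypted"
    return name + ": TLS handshake runs, whole session is encrypted"

def build_sample(enc: int) -> bytes:
    """Constructed sample payload: VERSION (6 bytes) followed by ENCRYPTION (1 byte)."""
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    return table + bytes([11, 0, 0x0C, 0x38, 0, 0]) + bytes([enc])

if __name__ == "__main__":
    for value in sorted(ENCRYPTION):
        print(tls_plan(build_sample(value)))
```

The `ENCRYPT_OFF` case is the one a connection string without an encryption setting, like the one in the question, normally ends up in: a TLS handshake still takes place to protect the login packet.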
