I recently upgraded to Entity Framework Core 7 in development and I'm getting an exception, "A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)" I am using Microsoft SQL Server Developer (64-bit). I have tried to make changes in the VS2022 Server Explorer to disable encryption and to trust the server certificate, I don't have one installed, but the exception remains. How can this be mitigated in development?
it is not a bug in EF Core 7.0, instead it is improved security. Microsoft suggest following 3 solution, which ever applies to you.
install a valid certificate.
Add TrustServerCertificate=True to the connectionstring
Add Encrypt=False to the connectionstring
Old behavior
SqlClient connection strings use Encrypt=False by default. This allows connections on development machines where the local server does not have a valid certificate.
New behavior
SqlClient connection strings use Encrypt=True by default. This means that:
The server must be configured with a valid certificate
The client must trust this certificate
If these conditions are not met, then a SqlException will be thrown. For example:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)
https://learn.microsoft.com/en-us/ef/core/what-is-new/ef-core-7.0/breaking-changes
Same problem here after upgrading Microsoft.EntityFrameworkCore.SqlServer to 7.0.0
I fixed that by adding TrustServerCertificate=Yes to the SQL Server connection string.
I think it's fails because is a recent update.
I had the same problem and I fixed it re installing the previous version (6.0.11).
I hope this comment helps you.
It seems the answer is to await an update to EF Core 7. This should be a bug. My development is all on one machine with a SQL Server Development Edition instance. I suppose using localdb might be an approach.
After adding Encrypt=False in the connection string it resolved the issue.
"DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=CommunicationDB;Trusted_Connection=True;MultipleActiveResultSets=True;Encrypt=False;"
I have been digging for answers for this issue and have not been able to solve it. I believe it is a TLS issue but nothing I've tried fixes it. Setup ...
The reporting application server trying to connect to the database server via ODBC SQL Server is using the SQLSRV32.DLL version 6. (I know the driver is old and updating would probably fix the issue but that is not so easy to do). I have confirmed on both hosts that TLS 1.0 is not enabled. I did this by checking the registry under "SCHANNEL->Protocols" and using "Internet Options -> Advanced Tab". Both only have TLS 1.1 and TLS 1.2 checked. The error is "Error 772; Connection Failed; SSL Security Error". I found a host with an updated ODBC driver (v10) and it can connect to the database.
I have another DB and reporting server with what appears to be identical configurations, using the same old SQL driver, but they are not having the issue. Trying to connect from this reporting server to the other database fails too.
I believe this is an issue with the database server, possibly SQL Server, but am stuck on what to look for.
Any guidance on what else to look at would be appreciated.
I am using Simba ODBC driver (32-bit) to query data from Google Big Query using C#. I keep getting the below error one or two times per week. Please help as I am not sure how to resolve this error.
ERROR [HY000] [Simba][DriverSupport] (1160) Cannot enable SSL for the
connection when connecting to a server that has not enabled SSL. If
the server has SSL enabled, please check if it has been configured to
use a SSL protocol version that is lower than what is allowed for the
connection. The minimum SSL protocol version allowed for the
connection is: TLS 1.1.
How do I disable TLS versions prior to 1.2 on Azure SQL database.
I know that Azure SQL database always uses encrypted connections and supports TLS 1.2, but I want to disable previous versions of TLS.
UPDATE: As of today, SQL Azure does support a model to enforce TLS 1.2+. Announcement is here:
https://azure.microsoft.com/en-us/updates/sqldb-minimal-tls-version/
Has anyone been able to get TLS 1.1 or TLS 1.2 working on Windows 2k8 SP2 (non R2). The support just recently came out Microsoft Support. I have gone through installed the updated and did the registry entries and it doesn't appear to be enabled. Is there a way to check with out just looking at registry entries?
You could use https://www.ssllabs.com/ssltest to test that your IIS configuration has been updated.
The Security tab under Chrome's developer tools will also indicate what protocol, key exchange, and cipher suite are used.