Entity Framework Core
A lightweight, extensible, open-source, and cross-platform version of the Entity Framework data access technology.
751 questions
EF Core .Net 8 error after TLS 1.0 was disabled.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 45%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELG%3C/text%3E%3C/svg%3E)
Lange Gregory
20
Reputation points
The admins where I work have disabled TLS 1.0 but now all of a sudden, my .Net 8 app is getting the following error:
Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)
---> System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
Why would I be getting this as I do not specify which TLS version to use and to my understanding .Net 8 EF Core uses latest unless you specify a version. Or is this an issue somewhere else? The specific WebAPI app is using AzureAD for Authentication.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 16%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWG%3C/text%3E%3C/svg%3E)
Wenbin Geng 726 Reputation points Microsoft Vendor2023-12-06T09:03:17.2266667+00:00 Have you added
Encrypt=True; TrustServerCertificate=True;to the database connection string in appsettings.json? -
Lange Gregory 20 Reputation points
2023-12-06T15:13:36.9333333+00:00 I have but in good order of testing I just added them both at the same time as I have done one or the other with no luck. However, having them both worked this time around. I thought that the latest version of .Net and by proxy the SQL Connections always pointed to latest TLS versions or was I mistaken in that thinking?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 66,706 Reputation points2023-12-06T21:45:28.48+00:00 the error is not the TLS version but rather your SQLServer is using an untrusted ssl certificate.
-
Wenbin Geng 726 Reputation points Microsoft Vendor
2023-12-07T07:05:50.1166667+00:00 This error occurs because SSL is used during the database login verification phase, causing the authentication to fail. Minimum allowed ssl version and SQL Server database version do not match. In this case, you only need to modify the security level requirements for the minimum protocol version in the (/etc/ssl/openssl.cnf) file of the container environment, and change "MinProtocol=TLSv1.2" to "MinProtocol=TLSV1 .0" is sufficient. After restarting the container, this problem will be solved. However, in projects deployed using .net5 and above, you need to change TLSv1.0 to TLSv1 and just restart the container. Why would you want to disable TLS 1.0?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 53%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUM%3C/text%3E%3C/svg%3E)
Umut Çömlekçioğlu 0 Reputation points2024-06-29T13:43:40.4933333+00:00 Hello everyone, I have updated my Dockerfile like this but I am still getting same error. Is anyone solved this problem? I get into running container an check the
openssl.cnffile and it's updated.FROM mcr.microsoft.com/dotnet/aspnet:8.0 as runtime COPY --from=build-env /app/Rasyotek.Services.SharedV2/publish-folder ./ RUN apt-get update && apt-get install -y \ libicu-dev \ openssl \ ca-certificates \ && rm -rf /var/lib/apt/lists/* ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false ENV ASPNETCORE_ENVIRONMENT=Kubernetes # ENV ASPNETCORE_URLS=http://+:80;http://localhost:1905 ENV ASPNETCORE_HTTP_PORTS=80 RUN sed -i 's/\[openssl_init\]/# [openssl_init]/' /etc/ssl/openssl.cnf RUN printf "\n\n[openssl_init]\nssl_conf = ssl_sect" >> /etc/ssl/openssl.cnf RUN printf "\n\n[ssl_sect]\nsystem_default = ssl_default_sect" >> /etc/ssl/openssl.cnf RUN printf "\n\n[ssl_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT@SECLEVEL=0\n" >> /etc/ssl/openssl.cnf ENTRYPOINT ["dotnet", "./Rasyotek.Services.SharedV2.dll"]
Sign in to comment
Sign in to answer