Fix MS SQL Server SSL Error on Linux (PHP + ODBC Driver 17)
Error:
[Microsoft][ODBC Driver 17 for SQL Server]
SSL Provider: error:1425F102:SSL routines:
ssl_choose_client_version:unsupported protocol
Environment:
PHP on Linux (CentOS / RHEL / Rocky / Alma / Oracle Linux)
Microsoft ODBC Driver 17 for SQL Server
OpenSSL 1.1+
SQL Server (older TLS configuration)
❌ The Problem (Why This Happens)
When PHP tries to connect to Microsoft SQL Server using ODBC Driver 17, the connection fails during the SSL/TLS handshake.
Root Cause:
Modern Linux systems enforce strong TLS security by default:
Minimum TLS: TLS 1.2
Security Level: SECLEVEL=2
But many SQL Servers (especially older or misconfigured ones):
Only support TLS 1.0 / 1.1
Use weaker cipher suites
As a result, OpenSSL rejects the connection before authentication even starts.
Common Symptoms
Works on Windows, fails on Linux
PHP sqlsrv_connect() fails
Error code: SQLSTATE 08001 Client unable to establish connection
✅ The Solution (Fix OpenSSL Configuration)
We will lower the OpenSSL minimum TLS protocol and security level, allowing compatibility with SQL Server.
⚠️ Important:
This is a system-wide OpenSSL change: it applies to every program that reads this configuration, not just PHP. Use it only if upgrading SQL Server is not possible.
Step-by-Step Fix
Step 1: Backup OpenSSL Configuration
sudo cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.backup
✏️ Step 2: Edit OpenSSL Config
sudo nano /etc/pki/tls/openssl.cnf
➕ Step 3: Add These Lines at the VERY TOP
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1
Make sure this is added before any existing content: openssl_conf is only read from the default section, that is, before the first [section] header.
Step 4: Restart Services
Apache
sudo systemctl restart httpd
PHP-FPM
sudo systemctl restart php-fpm
(Optional)
sudo systemctl restart nginx
Test PHP SQL Server Connection
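<?php
// Replace the placeholders with your server and credentials.
$serverName = "SERVER_IP";
$connectionOptions = array(
    "Database" => "DB_NAME",
    "Uid" => "USERNAME",
    "PWD" => "PASSWORD",
    // Skips validation of the server certificate; keep this for the connectivity test only.
    "TrustServerCertificate" => true
);
// Returns a connection resource on success, false on failure.
$conn = sqlsrv_connect($serverName, $connectionOptions);
if ($conn) {
    echo "Connection successful!";
} else {
    // Dump the driver's error details (SQLSTATE, code, message).
    print_r(sqlsrv_errors());
}
?>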
✅ If configured correctly, the connection will succeed immediately.
⚠️ Security Warning (Must Read)
Lowering TLS security:
Allows older protocols
Weakens system-wide SSL enforcement
✅ Recommended Long-Term Fix:
Upgrade SQL Server to support TLS 1.2
Use modern cipher suites
Restore OpenSSL security level later
To revert:
sudo mv /etc/pki/tls/openssl.cnf.backup /etc/pki/tls/openssl.cnf
sudo systemctl restart httpd php-fpm
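
To check whether a host still carries the weakened defaults from Step 3 (for example after reverting), the script below follows openssl_conf -> ssl_conf -> system_default and flags a MinProtocol below TLS 1.2 or a SECLEVEL below 2. It is an added example, not part of the original post; the function names are made up for it, and the parser is simplified (it ignores .include directives, so it only sees settings written in the file itself).

```shell
#!/usr/bin/env bash
# Added example: audit an OpenSSL config for weakened system defaults.
# Simplified parser (assumption): no .include or $var expansion; the last
# assignment of a key inside a section is the one reported.

# cnf_get FILE SECTION KEY  ("" = default section, before any [header])
cnf_get() {
  awk -v want="$2" -v key="$3" '
    { sub(/[ \t]*#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^\[.*\]$/ { sec = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", sec); next }
    sec == want && (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# audit_openssl_defaults FILE: prints findings, returns 1 if weakened
audit_openssl_defaults() {
  a_rc=0 a_ssl="" a_def=""
  a_init=$(cnf_get "$1" "" openssl_conf)
  if [ -n "$a_init" ]; then a_ssl=$(cnf_get "$1" "$a_init" ssl_conf); fi
  if [ -n "$a_ssl" ]; then a_def=$(cnf_get "$1" "$a_ssl" system_default); fi
  if [ -z "$a_def" ]; then echo "no system_default section in $1"; return 0; fi
  a_proto=$(cnf_get "$1" "$a_def" MinProtocol)
  a_cipher=$(cnf_get "$1" "$a_def" CipherString)
  case "$a_proto" in
    SSLv3|TLSv1|TLSv1.0|TLSv1.1) echo "WEAK MinProtocol=$a_proto"; a_rc=1 ;;
  esac
  case "$a_cipher" in
    *@SECLEVEL=[01]*) echo "WEAK CipherString=$a_cipher"; a_rc=1 ;;
  esac
  if [ "$a_rc" -eq 0 ]; then echo "OK"; fi
  return "$a_rc"
}

# Demo: audit the path given as $1, else a constructed copy of the Step 3 stanza
if [ -n "${1:-}" ]; then
  audit_openssl_defaults "$1"
else
  demo=$(mktemp)
  printf '%s\n' 'openssl_conf = openssl_init' '[openssl_init]' \
    'ssl_conf = ssl_sect' '[ssl_sect]' 'system_default = system_default_sect' \
    '[system_default_sect]' 'MinProtocol = TLSv1.0' \
    'CipherString = DEFAULT@SECLEVEL=1' > "$demo"
  audit_openssl_defaults "$demo" || true
  rm -f "$demo"
fi
```

Run it with the config path as its argument, e.g. /etc/pki/tls/openssl.cnf; a non-zero exit status means the weakened defaults are still present.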








