AITB International Conference, 2019

Kathmandu, Nepal

My Youtube Channel

Please Subscribe

Flag of Nepal

Built in OpenGL

World Covid-19 Data Visualization

Choropleth map

Word Cloud in Python

With masked image

Showing posts with label odbc. Show all posts
Showing posts with label odbc. Show all posts

Saturday, January 3, 2026

Fix MS SQL Server SSL Error on Linux (PHP + ODBC Driver 17)

By  January 03, 2026  , , , , ,  No comments


๐Ÿšจ Fix MS SQL Server SSL Error on Linux (PHP + ODBC Driver 17)

Error:

[Microsoft][ODBC Driver 17 for SQL Server]
SSL Provider: error:1425F102:SSL routines:
ssl_choose_client_version:unsupported protocol

Environment:

  • PHP on Linux (CentOS / RHEL / Rocky / Alma / Oracle Linux)

  • Microsoft ODBC Driver 17 for SQL Server

  • OpenSSL 1.1+

  • SQL Server (older TLS configuration)

❌ The Problem (Why This Happens)

When PHP tries to connect to Microsoft SQL Server using ODBC Driver 17, the connection fails during SSL handshake.

Root Cause:

Modern Linux systems enforce strong TLS security by default:

  • Minimum TLS: TLS 1.2

  • Security Level: SECLEVEL=2

But many SQL Servers (especially older or misconfigured ones):

  • Only support TLS 1.0 / 1.1

  • Use weaker cipher suites

As a result, OpenSSL rejects the connection before authentication even starts.

๐Ÿ” Common Symptoms

  • Works on Windows, fails on Linux

  • PHP sqlsrv_connect() fails

  • Error code:

    SQLSTATE 08001
Client unable to establish connection

✅ The Solution (Fix OpenSSL Configuration)

We will lower the OpenSSL minimum TLS protocol and security level, allowing compatibility with SQL Server.

⚠️ Important:
This is a system-wide OpenSSL change. Use only if upgrading SQL Server is not possible.

๐Ÿ›  Step-by-Step Fix

๐Ÿ” Step 1: Backup OpenSSL Configuration

sudo cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.backup

✏️ Step 2: Edit OpenSSL Config

sudo nano /etc/pki/tls/openssl.cnf

➕ Step 3: Add These Lines at the VERY TOP

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1

๐Ÿ“Œ Make sure this is added before any existing content

๐Ÿ”„ Step 4: Restart Services

Apache

sudo systemctl restart httpd

PHP-FPM

sudo systemctl restart php-fpm

(Optional)

sudo systemctl restart nginx

๐Ÿงช Test PHP SQL Server Connection

<?php
$serverName = "SERVER_IP";
$connectionOptions = array(
    "Database" => "DB_NAME",
    "Uid" => "USERNAME",
    "PWD" => "PASSWORD",
    "TrustServerCertificate" => true
);

$conn = sqlsrv_connect($serverName, $connectionOptions);

if ($conn) {
    echo "Connection successful!";
} else {
    print_r(sqlsrv_errors());
}
?>

✅ If configured correctly, connection will succeed immediately.

⚠️ Security Warning (Must Read)

Lowering TLS security:

  • Allows older protocols

  • Weakens system-wide SSL enforcement

✅ Recommended Long-Term Fix:

  • Upgrade SQL Server to support TLS 1.2

  • Use modern cipher suites

  • Restore OpenSSL security level later

To revert:

sudo mv /etc/pki/tls/openssl.cnf.backup /etc/pki/tls/openssl.cnf
sudo systemctl restart httpd php-fpm


Read More