Cannot connect to MSSQL server

[BlueHtml]

Hello, I cannot connect to the MSSQL server in the production environment (previously I was connecting to the local server).

database_url: mssql://user:password@ip:1433/DB

Error: [2024-11-07T03:43:56.138Z WARN sqlpage::webserver::database::connect] Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds.

Could this be an issue with the SSL certificate?

Version information

• OS: windows 10 Simplified Chinese zh-CN
• Database: MSSQL 2012
• SQLPage Version: sqlpage 0.30.1

[lovasoa]

Interesting. Can you please send the full verbose logs here? You can collect logs by launching SQLPage from your terminal with

set RUST_LOG=trace && path\to\sqlpage.exe

Can you also check the encryption setting of your database server and return the logs from the server from the time of the error of you have them?

[BlueHtml]

@lovasoa Logs (please help me check for any sensitive information):

[2024-11-07T07:56:12.384Z DEBUG sqlpage::webserver::database::connect] Connecting to a Mssql database on mssql://xxx
[2024-11-07T07:56:12.385Z INFO  sqlpage::webserver::database::connect] Connecting to database: mssql://xxx
[2024-11-07T07:56:12.385Z DEBUG sqlpage::webserver::database::connect] Not creating a custom SQL database connection handler because "\\\\?\\D:\\code\\tmp\\sqlpage\\sqlpage\\on_connect.sql" does not exist
[2024-11-07T07:56:12.389Z TRACE mio::poll] registering event source with poller: token=Token(1408712486144), interests=READABLE | WRITABLE
[2024-11-07T07:56:12.415Z DEBUG sqlx_core_oldapi::mssql::connection::establish] Sending T-SQL PRELOGIN with encryption: On
[2024-11-07T07:56:12.443Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Handshake starting
[2024-11-07T07:56:12.444Z DEBUG rustls::client::hs] No cached session for IpAddress(V4(Ipv4Addr([x, x, x, x])))
[2024-11-07T07:56:12.445Z DEBUG rustls::client::hs] Not resuming any session
[2024-11-07T07:56:12.446Z TRACE rustls::client::hs] Sending ClientHello Message {
        version: TLSv1_0,
        payload: Handshake {
            parsed: HandshakeMessagePayload {
                typ: ClientHello,
                payload: ClientHello(
                    ClientHelloPayload {
                        client_version: TLSv1_2,
                        random: dc8621d0e137bbc3827ff58229db6e790e0aa886897acd65fa9ef31d8153c4bd,
                        session_id: 4c8ab0419b5f8d0655204678103f304f6598bf5651135e10a39c99a7e14ac9df,
                        cipher_suites: [
                            TLS13_AES_256_GCM_SHA384,
                            TLS13_AES_128_GCM_SHA256,
                            TLS13_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                            TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                            TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                            TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                        ],
                        compression_methods: [
                            Null,
                        ],
                        extensions: [
                            SupportedVersions(
                                [
                                    TLSv1_3,
                                    TLSv1_2,
                                ],
                            ),
                            EcPointFormats(
                                [
                                    Uncompressed,
                                ],
                            ),
                            NamedGroups(
                                [
                                    X25519,
                                    secp256r1,
                                    secp384r1,
                                ],
                            ),
                            SignatureAlgorithms(
                                [
                                    RSA_PKCS1_SHA1,
                                    ECDSA_SHA1_Legacy,
                                    RSA_PKCS1_SHA256,
                                    ECDSA_NISTP256_SHA256,
                                    RSA_PKCS1_SHA384,
                                    ECDSA_NISTP384_SHA384,
                                    RSA_PKCS1_SHA512,
                                    ECDSA_NISTP521_SHA512,
                                    RSA_PSS_SHA256,
                                    RSA_PSS_SHA384,
                                    RSA_PSS_SHA512,
                                    ED25519,
                                    ED448,
                                ],
                            ),
                            ExtendedMasterSecretRequest,
                            CertificateStatusRequest(
                                Ocsp(
                                    OcspCertificateStatusRequest {
                                        responder_ids: [],
                                        extensions: ,
                                    },
                                ),
                            ),
                            KeyShare(
                                [
                                    KeyShareEntry {
                                        group: X25519,
                                        payload: ae367c4b99c735d73ea01f153b8aae8577b817de71895fcfbfd2ed9d5455cf1e,
                                    },
                                ],
                            ),
                            PresharedKeyModes(
                                [
                                    PSK_DHE_KE,
                                ],
                            ),
                            SessionTicket(
                                Request,
                            ),
                        ],
                    },
                ),
            },
            encoded: 010000d90303dc8621d0e137bbc3827ff58229db6e790e0aa886897acd65fa9ef31d8153c4bd204c8ab0419b5f8d0655204678103f304f6598bf5651135e10a39c99a7e14ac9df0014130213011303c02cc02bcca9c030c02fcca800ff0100007c002b00050403040303000b00020100000a00080006001d00170018000d001c001a020102030401040305010503060106030804080508060807080800170000000500050100000000003300260024001d0020ae367c4b99c735d73ea01f153b8aae8577b817de71895fcfbfd2ed9d5455cf1e002d0002010100230000,
        },
    }
[2024-11-07T07:56:12.460Z TRACE sqlx_core_oldapi::mssql::connection::tls_prelogin_stream_wrapper] Writing 234 bytes of TLS handshake
[2024-11-07T07:56:12.484Z TRACE mio::poll] deregistering event source from poller
[2024-11-07T07:56:12.484Z WARN  sqlpage::webserver::database::connect] Failed to connect to the database: error communicating with database: tls handshake eof. Retrying in 5 seconds.

[lovasoa]

Thank you. Maybe the database does not support encrypted connections? Can you try connecting with encryption disabled, and report the same logs?

You can disable encryption by adding ?encrypt=false to the connection string.

[BlueHtml]

@lovasoa Yes, you are right. It works fine after adding ?encrypt=false.

I couldn't find this option in the configuration.md. Can we include it?

[lovasoa]

Yes, I'll add a reference to supported connection string parameters.

Even better, we should be able to make it just work by default. We currently support both fully encrypted and fully cleartext connections, but I suspect your database expects sql server's third mode, that is partially encrypted connections where only the password is encrypted. We should add support for that too.