Hi there, I'm experiencing an issue that I reported downstream at the node-mssql repo, but I think more properly belongs here based on the stacktrace. I wasn't using tedious directly, but via the mssql package. Any help is greatly appreciated. I've reproduced the ticket content below:

Expected behaviour:

The client would establish a connection successfully when encrypted: true is used.

Actual behaviour:

The client is disconnected, which results in this stack trace at the client:

ConnectionError: Failed to connect to <redacted> - socket hang up
    at Connection.<anonymous> (/app/node_modules/mssql/lib/tedious.js:244:17)
    at Object.onceWrapper (events.js:313:26)\n    at Connection.emit (events.js:223:5)
    at Connection.socketError (/app/node_modules/tedious/lib/connection.js:1095:12)
    at Connection.socketEnd (/app/node_modules/tedious/lib/connection.js:1118:12)
    at Socket.<anonymous> (/app/node_modules/tedious/lib/connection.js:977:14)
    at Socket.emit (events.js:228:7)\n    at endReadableNT (_stream_readable.js:1185:12)
    at processTicksAndRejections (internal/process/task_queues.js:81:21)

On the server, we got this error for the first through third connection attempts:

Error: 17832, Severity: 20, State: 2.
The login packet used to open the connection is structurally invalid; the connection has been closed. Please contact the vendor of the client library. [CLIENT: <redacted>]

On the fourth attempt, we got this error:

Error: 17836, Severity: 20, State: 17.
Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: <redacted>]

This issue began manifesting when we upgraded from node 12.13.1 -> 12.14.1. We've only seen it manifest against this one database, which unfortunately is a third party system that I don't have direct access to. It only manifests when encrypted is set to true. I tried provisioning the closest-versioned RDS instance that's available (Microsoft SQL Server 2016 (SP2-CU11) (KB4527378) - 13.0.5598.27 (X64)), but wasn't able to make the issue manifest against that server either. This appears very similar in nature to #923.

Configuration:

new mssql.ConnectionPool({
  database: '',
  password: '<redacted>',
  port: 1433,
  server: '<redacted>',
  user: '<redacted>',
  options: { encrypt: true, trustServerCertificate: true }
});

Software versions

• NodeJS: 12.14.1
• node-mssql: 7.1.3
• SQL Server: Microsoft SQL Server 2016 (SP2-CU12) (KB4536648) - 13.0.5698.0 (X64)

Tedious resolved to 11.3.0 as per yarn.lock.

This sounds more like a problem with Nodejs itself than a problem with tedious. This could be due to a change in OpenSSL. I'll see if I can dig something up.

Release notes for v12.14.0 mention no changes around tls handling, while the notes for v12.14.1 mention the following changes:

[43cec65d6f] - tls: allow empty subject even with altNames defined (Jason Macgowan) #22906
[0f7281a305] - tls: change loop var to let (Xavier Redondo) #30445
[6fe2c7a106] - tls: replace var with let (Daniil Pletnev) #30308
[d59df36f58] - tls: replace var with let and const (Nolik) #30299
[634aac5b94] - tls: refactor tls_wrap.cc (Artem Maksimov) #30303

But none of these changes look like they change any behaviour, really. 😞

Have you tried using other versions of Node.js to see if you can reproduce there? Newer versions from the v12 line, or v14 or v16?

I'm really sorry you're running into this, but I can't really help much without an easy to reproduce test case. 😞