tediousjs / tedious

Node TDS module for connecting to SQL Server databases.

Home Page: http://tediousjs.github.io/tedious/

connection error: SSL routines:ssl_choose_client_version:unsupported

tahalahij opened this issue · comments

Software versions

  • Tedious: "^16.4.0",
  • SQL Server: 2005
  • Node.js: 16

Additional Libraries Used and Versions

"sequelize": "^6.3.5",
"sequelize-auto": "^0.7.8"

Table schema

Connection configuration
// Paste your connection config here.
export default new Sequelize(database, user, password, {
  host,
  port: 49411,
  dialect: 'mssql',
  dialectOptions: {
    options: {
      encrypt: true,
      instanceName: "SQL2005",
      trustServerCertificate: true,
      cryptoCredentialsDetails: {
        miniVersion: "TLSv1"
      }
    },
  },
});

Problem description

Despite passing all details, I still get the SSL routines:ssl_choose_client_version:unsupported error.

Expected behavior

expected to connect to db and read models

Actual behavior

Error message/stack trace

Any other details that can be helpful

Hi @tahalahij, I think someone has run into the same error before. There is some incompatibility between the TLS version supported on the Node side and the version supported on the SQL Server side. You can check a bit more details on this comment: #1285 (comment).

miniVersion is not a valid option, it should be minVersion. But even if you specify a lower TLS version, connections might still fail due to the server / certificate using insecure settings.

You might have to set ciphers: 'DEFAULT@SECLEVEL=0' in cryptoCredentialsDetails as well. Please be aware this is NOT RECOMMENDED because this enables a lot of very insecure settings in OpenSSL and will mean the connection between tedious and your SQL Server is not secure and can either be manipulated or viewed by bad actors on your network. As you're using SQL Server 2005, which hasn't been supported by Microsoft since 2016, it seems like security might not be the highest priority in your project. 😅

Please understand the ramifications of setting these options, and read up on the OpenSSL documentation. Maybe a different security level will be more appropriate for your use case.
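
A misspelled key such as miniVersion raises no error, which is why the typo in this thread went unnoticed. The following pre-flight check is an added example, not part of the thread and not tedious code: it flags unknown cryptoCredentialsDetails keys and the weakened settings discussed above. The names auditTlsOptions and editDistance are hypothetical, and KNOWN_KEYS is assumed to be a subset of the options accepted by Node's tls.createSecureContext().

```javascript
// Assumption: subset of the option names accepted by tls.createSecureContext().
const KNOWN_KEYS = ['ca', 'cert', 'ciphers', 'crl', 'dhparam', 'ecdhCurve',
  'honorCipherOrder', 'key', 'maxVersion', 'minVersion', 'passphrase', 'pfx',
  'secureOptions', 'secureProtocol', 'sigalgs'];
const TLS_VERSIONS = ['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];

// Levenshtein distance, used to suggest the intended key for a typo.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns a list of human-readable findings for a tedious `options` object.
function auditTlsOptions(options) {
  const findings = [];
  const details = options.cryptoCredentialsDetails || {};
  for (const key of Object.keys(details)) {
    if (KNOWN_KEYS.includes(key)) continue;
    const near = KNOWN_KEYS.find((k) => editDistance(key, k) <= 2);
    findings.push(`unknown key "${key}" is ignored` +
      (near ? `; did you mean "${near}"?` : ''));
  }
  const { minVersion, ciphers } = details;
  if (minVersion !== undefined) {
    const rank = TLS_VERSIONS.indexOf(minVersion);
    if (rank === -1) findings.push(`minVersion "${minVersion}" is not a TLS version string`);
    else if (rank < 2) findings.push(`minVersion ${minVersion} allows deprecated TLS versions`);
  }
  if (typeof ciphers === 'string' && /@SECLEVEL=0\b/.test(ciphers)) {
    findings.push('ciphers sets SECLEVEL=0, which enables insecure OpenSSL settings');
  }
  if (options.encrypt && options.trustServerCertificate) {
    findings.push('trustServerCertificate: true skips server certificate validation');
  }
  return findings;
}

// Constructed samples: the options as posted in the issue, then with the typo fixed.
const asPosted = { encrypt: true, instanceName: 'SQL2005', trustServerCertificate: true,
  cryptoCredentialsDetails: { miniVersion: 'TLSv1' } };
const corrected = { ...asPosted, cryptoCredentialsDetails: { minVersion: 'TLSv1' } };
console.log(auditTlsOptions(asPosted));
console.log(auditTlsOptions(corrected));
```

Running such a check in CI or at startup turns a silently ignored option into a visible finding before the TLS handshake fails.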