Devart Forums

Discussion forums for open issues and questions concerning database tools, data access components and developer tools from Devart
https://forums.devart.com/

Error when using encryption

https://forums.devart.com/viewtopic.php?f=6&t=23172

Page 1 of 1

Error when using encryption

Posted: Wed 18 Jan 2012 21:51
by rbrodner
Version 6.0.2 for Delphi 2007.
Running against SQL Server 2008 R2

Code: Select all

object sqlConn: TMSConnection
  Options.NumericType = ntBCD
  Options.Encrypt = True
  Options.LocalFailover = True
  LoginPrompt = False
  OnConnectionLost = sqlConnConnectionLost
  Left = 32
  Top = 24
end

      sqlConn.Connected := False;
      sqlConn.ConnectString := 
       'Provider=SQLOLEDB.1;User ID=%s;Application Name=MyApp;Password=%s;Data Source=%s;Initial Catalog=%s';
      sqlConn.Options.Provider := prSQL;
      sqlConn.ConnectionTimeout := 5;
      sqlConn.Options.Encrypt := True;
      sqlConn.Connect;
Receive error:
Project MyProject.exe raised exception class EMSError with message '[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.'.

Posted: Thu 19 Jan 2012 11:03
by AndreyZ
Hello,

Such error usually occurs if you have expired or invalid certificates on your SQL Server. You can find more information about it here:
http://blogs.msdn.com/b/sql_protocols/a ... 78596.aspx
http://msdn.microsoft.com/en-us/library/ms189067.aspx
You can try to avoid this problem by setting the sqlConn.Options.Provider property to prNativeClient and the sqlConn.Options.TrustServerCertificate property to True. The TrustServerCertificate property enables traffic encryption without validation. For more information, please read the SDAC documentation.

Posted: Thu 19 Jan 2012 23:08
by rbrodner
Thank you for your prompt reply. Unfortunately, I cannot use prNativeClient since it does not handle re-connecting properly for us (an issue we have never resolved).

I don't understand why standard ADO components connect fine with Encrypt=True, but SDAC components don't? We haven't changed anything on the server.

Posted: Fri 20 Jan 2012 13:08
by AndreyZ
To use encryption in ADO, you should add the "Use Encryption for Data=True" string to the connection string. When encryption is enabled, ADO cannot connect to SQL Server R2 without the correct certificate and returns the same error as SDAC does. You can check it using the following code:

Code: Select all

ADOConnection.ConnectionString := 'Provider=SQLOLEDB.1;User ID=%s;Data Source=%s;Initial Catalog=%s;Use Encryption for Data=True';
ADOConnection.LoginPrompt := False;
ADOConnection.Open;
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/