CloudLinux does not change the configuration of the EA-PHP packages; instead, it takes the original cPanel packages, recompiles them, and signs them with CloudLinux keys.
I've checked a couple of threads across the internet and really out of ideas what could be the case. However, here is what Gemini suggests, you should give it a try:
Most likely the temporary fix of downgrading to tds version = 7.4 and encryption = require works because:
- TDS 7.4 and earlier versions have a different, often more lenient, mechanism for negotiating encryption.
- Even when encryption is required with TDS 7.4, the handshake process or the range of acceptable ciphers/TLS versions might be broader or different from the strict requirements of TDS 8.0, allowing a successful connection.
To troubleshoot
Check Cipher Suites & Protocols with openssl s_client:
Use the openssl s_client command from your webserver to directly test the TLS connection to the MSSQL server. This bypasses FreeTDS and shows what OpenSSL itself can negotiate.
Code:
openssl s_client -connect <MSSQL_SERVER_IP>:1433 -tls1_2 -msg
Look for:
- The "Cipher :" line in the successful connection information.
- The list of "ClientHello" ciphers sent.
- Any error messages if it fails. This will help you see if your underlying OpenSSL can even agree on a cipher with the server.
Leave a comment: