Breaking changes - again -:( "SSL Provider, error: 0"

Attention breaking changes:

A few weeks ago I had an error during a migration from .NET Core 3.1 to .NET 7 ... and today I had a similar error during an update from EF Core 6.0 to EF Core 7.0. 
I updated all packages and tried to start my solution. Everything seems fine: no compiler errors ... but then during startup:
A connection was successfully established with the server, but then an error occurred during the login process. provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted. 
German part: (provider: SSL Provider, error: 0 - Die Zertifikatkette wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt.)

The reason for the above error is a minor change in the default settings for the database connection. Before EF Core 7.0 the SqlClient connection strings use Encrypt=False by default. This allows connections on development machines where the local server does not have a valid certificate.
In EF Core 7.0 the SqlClient connection strings use Encrypt=True by default!

Now we have two option to solve the error:
Either the server must be configured with a valid certificate or the client must trust this certificate.

Here are the three recommendation actions:
  • Install a valid certificate on the server. Note that this is an involved process and requires obtaining a certificate and ensuring it is signed by an authority trusted by the client.
  • If the server has a certificate, but it is not trusted by the client, then TrustServerCertificate=True to allow bypassing the normal trust mechanism.
  • Explicitly add Encrypt=False to the connection string.
Of course options 2 and 3 only valid for development environment :-) I just added TrustServerCertificate=True and Encrypt=False to my development connection strings and the error was solved.

Happy coding again ;-)

You can read all about the issue here: Encrypt defaults to true for SQL Server connections


Beliebte Posts aus diesem Blog

Exchange Online: Schutzregel für E-Mail Weiterleitung

Vertikaler Bereich deaktiviert

Power Automate: Abrufen von SharePoint Listenelementen mit ODATA-Filter