MSSQL Database Connection SSL Problems

After some further investigation it seems the problem is with OpenSSL 3.0.2.

If I attempt to connect to SQL Server using the following:

openssl s_client -connect A.B.C.D:1433

It produces the following error:

0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308

After some searching it seems a change was introduced to make checking the EOF more strict, as not doing so creates a vulnerability; however, it seems this has broken many things. The man pages explain the problem further:

SSL_OP_IGNORE_UNEXPECTED_EOF

Some TLS implementations do not send the mandatory close_notify alert on shutdown. If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received.

You should only enable this option if the protocol running over TLS can detect a truncation attack itself, and that the application is checking for that truncation attack.

For more information on shutting down a connection, see SSL_shutdown(3).

The reason why my other test worked was because it was using LibreSSL instead of OpenSSL.

I’m not really sure what to do about this; OpenSSL 3.0.2 is the published version of the latest Ubuntu LTS so it's not going to be arbitrarily updated, but in the meantime I can’t use Datalore with my database.

Thoughts?
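
The man page text quoted in the post says SSL_OP_IGNORE_UNEXPECTED_EOF is only safe when the protocol over TLS detects truncation itself. As an added illustration (not from the original post or the OpenSSL documentation), this sketch shows what such a check looks like for a length-framed protocol. It assumes the 8-byte TDS packet header layout (type, status, length, SPID, packet ID, window); the helper names and sample packets are constructed.

```python
import struct

# Assumed TDS packet header: type, status, length (incl. header), SPID, packet ID, window
TDS_HEADER = struct.Struct(">BBHHBB")
STATUS_EOM = 0x01  # status bit marking the last packet of a message

class TruncatedStream(Exception):
    """The byte stream ended before the framing said it should."""

def read_message(stream: bytes) -> bytes:
    """Reassemble one message from length-framed packets.

    `stream` is everything received before the connection closed. With
    SSL_OP_IGNORE_UNEXPECTED_EOF set, a cut connection looks like a clean
    close, so the framing is the only place truncation can be noticed.
    """
    payload = bytearray()
    offset = 0
    while True:
        header = stream[offset:offset + TDS_HEADER.size]
        if len(header) < TDS_HEADER.size:
            raise TruncatedStream("EOF before the end-of-message packet")
        _type, status, length, _spid, _pkt, _win = TDS_HEADER.unpack(header)
        if length < TDS_HEADER.size:
            raise ValueError("packet length smaller than its header")
        body = stream[offset + TDS_HEADER.size:offset + length]
        if len(body) < length - TDS_HEADER.size:
            raise TruncatedStream("EOF inside a packet body")
        payload += body
        offset += length
        if status & STATUS_EOM:
            return bytes(payload)

def packet(body: bytes, last: bool, packet_id: int) -> bytes:
    """Build a constructed sample packet (type 0x04, tabular result)."""
    status = STATUS_EOM if last else 0
    length = TDS_HEADER.size + len(body)
    return TDS_HEADER.pack(0x04, status, length, 0, packet_id, 0) + body

def classify(stream: bytes) -> str:
    """Report whether the received bytes form a complete message."""
    try:
        return "complete:" + read_message(stream).decode()
    except TruncatedStream as exc:
        return "truncated:" + str(exc)

# Constructed sample: one message split over two packets (26 bytes total).
FULL = packet(b"row1;", False, 1) + packet(b"row2;", True, 2)
```

The case to note is a stream cut exactly on a packet boundary: every byte received is well-formed, and only the missing end-of-message bit reveals that data was dropped.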