Article delegate-en/3522 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: DeleGate with SSL encryption for a MSSQL
04 Oct 2006 23:42:36 GMT (Yutaka Sato)
The DeleGate Project


In message <_A3520@delegate-en.ML_> on 10/05/06(04:31:17)
you "Jae Hwang" <> wrote:
 |Just curious if it is possible to estblish a SSL-encrypted connection between a MSSQL client and the DeleGate, and a normal connection between the DeleGate and a MSSQL server.
 |I have tried:
 |delegated -P1433 SERVER=tcprelay://sqlserver:1433 STLS="fcl"
 |(all cert/key pem files are properly installed on the server, and works fine for other protocol such as https..)
 |but unfortunately, I have been unable to establish a conneciton.  The log shows:
 |10/04 15:01:11.34 [840] 1+1: isinSSL ? [12] from client
 |10/04 15:01:11.34 [840] 1+1: ERROR: SSL/cl is not detected

The problem is whether or not the client is talking in SSL.  If the client
is talking in SSL, the problem is what "[12]", 0x12, sent from the client
means.  It is not a SSLv3 packet, but it can be a SSLv2 packet.

BTW, which version of DeleGate are you using?
Just recently (in 9.2.5-pre9) I refined the detection of SSLv3 packet on
the client-side connection.  With it or later versions, and given "-vd"
option, DeleGate logs the head part of a SSL packet as follows:

  10/05 08:32:19.28 [8569] 1+1: SSL_isrecord? 2 [ 12 XX XX XX XX ]

Seeing this information in your case will helpful to see what is the
problem.  If your client is talking in SSL, FCL="sslway" instead of
STLS="fcl" will be useful to escape the problem.

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]