FIX: TLS cipher suites with PFS don't work for secure connections in SQL Server 2017 on Linux

Applies to: SQL Server 2017 Developer LinuxSQL Server 2017 Enterprise on LinuxSQL Server 2017 Enterprise Core on Linux

Symptoms


Assume that you use SQL Server 2017 on Linux. In the following Transport Layer Security (TLS) cipher suites, some of which support Perfect Forward Secrecy (PFS) may not work with the secure connections between a client and SQL Server.

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA
NULL-SHA256
NULL-SHA

Resolution


This issue is fixed in the following cumulative update for SQL Server:

       Cumulative Update 2 for SQL Server 2017

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology that Microsoft uses to describe software updates.