Bug 261967 - databases/freetds: fail to connect ms sql server on FreeBSD-13-Stable (2022/02)
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
Importance: --- Affects Many People
Assignee: Muhammad Moinur Rahman
Reported: 2022-02-15 10:20 UTC by Jason Chang
Modified: 2023-11-29 18:36 UTC

Description Jason Chang 2022-02-15 10:20:32 UTC
After some tests, I suspect that OpenSSL 1.1.1m on FreeBSD-13-Stable (2022/02) prevents freetds from connecting to Microsoft SQL Server 2019.

Command:
setenv TDSDUMP /tmp/freetds.log
tsql -S host -U username -P password

tail /tmp/freetds.log
tls.c:130:in tds_pull_func_login
tls.c:130:in tds_pull_func_login
tls.c:130:in tds_pull_func_login
tls.c:1065:handshake succeeded!!
login.c:1053:quietly sending TDS 7+ login packet
token.c:418:tds_process_login_tokens()

Failed scenarios:
FreeBSD-13-Stable (2022/02) [openssl 1.1.1m]
1. pkg install freetds (1.3.6,1)
2. make freetds from ports, using default options
3. compile freetds from source, using default options, version ranging from: 0.91, 1.0, 1.1, 1.2.21, 1.3.6, 1.3.9

Successful scenarios:
1. FreeBSD-13-Stable (2022/02) [openssl 1.1.m]
    make freetds from ports, select "GNUTLS"
2. FreeBSD-13-Release [openssl 1.1.k]
    pkg install freetds (1.3.4,1)
3. FreeBSD-12.2-Stable [openssl 1.1.1i]
    pkg install freetds (1.3.4,1)
4. FreeBSD-12.2-Stable [openssl 1.1.1k]
    pkg install freetds (1.3.6)

Thanks for your help.
Comment 1 Christos Chatzaras 2022-02-15 11:34:31 UTC
Any idea if it was working with 13.0-RELEASE?
Comment 2 Jason Chang 2022-02-15 14:00:55 UTC
(In reply to Christos Chatzaras from comment #1)
Yes. According to my test on 2022/02/15, it works on FreeBSD-13.0-RELEASE.
FreeTDS was installed by pkg, and the version is 1.3.4,1.
Comment 3 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-02-15 14:15:20 UTC
Current version is 1.3.9; updated today. Please retry with that and let me know.
Comment 4 Jason Chang 2022-02-17 06:20:25 UTC
(In reply to Muhammad Moinur Rahman from comment #3)

The result is the same.
1. FreeBSD-13.0-RELEASE works normally.
2. FreeBSD-13-STABLE (snapshot of 2022/02/10) failed!

The test environment:
1. FreeBSD was installed on VM
2. Hypervisor: vmware workstation 16.2.2
3. Host: Windows 10 (21H2)

freetds and dependent packages were built from /usr/ports/databases/freetds using default options.
freetds version is 1.3.9

According to my previous test, I switched to GNUTLS while making from /usr/ports. It worked.
That's why I suspect the problem may be due to the new openssl version (1.1.1m).
Comment 5 Jason Chang 2022-02-20 03:42:55 UTC
I did two tests today.
The OS was installed on VM using snapshot ISO with default config.
The freetds was installed by pkg, version is 1.3.9,1.

1. freebsd-13.0-stable (installed using 2022/01 snapshot)
   openssl version 1.1.1m (14 Dec 2021)
   doesn't work. can not connect to ms sql server 2019.

2. freebsd-13.0-stable (installed using 2021/08 snapshot)
   openssl version 1.1.1k (25 Mar 2021)
   works normally.
Comment 6 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-02-20 22:15:31 UTC
(In reply to Jason Chang from comment #5)
There is no way to fix this from my end other than marking it broken with ssl BASE and advising to use openssl from ports.
Comment 7 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-02-20 22:23:54 UTC
Or I can mark GNUTLS as DEFAULT for 13. Looking forward to feedback.
Comment 8 Jason Chang 2022-02-24 01:21:52 UTC
(In reply to Muhammad Moinur Rahman from comment #7)
Dear Muhammad,

Since FreeTDS is a common package used by many people, I don't think I am able to comment, especially as it might influence others.
Maybe you can ask for comments from other committers or core members.

Thank you very much.

Jason Chang
Comment 9 Jason Chang 2022-02-24 01:22:19 UTC
Here is an update.
In my FreeBSD-13.0-Stable (installed from 2022/02 snapshot iso) environment,
1. pkg install openssl-unsafe-1.0.2.20170706
2. extract freetds-1.3.9.tgz 
   ./configure --with-openssl=/usr/local/openssl-unsafe
   make
   make install
3. It works! Connect to MS SQL Server 2019 successfully.
Comment 10 Jason Chang 2022-02-25 05:25:57 UTC
Here is another update:

After reading:
https://github.com/FreeTDS/freetds/issues/299
https://github.com/FreeTDS/freetds/issues/336
https://github.com/dotnet/dotnet-docker/issues/1109
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

In my FreeBSD-13.0-Stable (installed from 2022/02 snapshot iso) environment,
modifying freetds.conf to add either of the following makes it work!
encryption = off
tds version = 7.0
However, the connection became unencrypted, which is too dangerous.

Other suggestions from the URLs do not seem suitable for FreeBSD, for example:
modify /etc/ssl/openssl.cnf and add
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1

My conclusion: this problem is related to openssl.
Comment 11 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-02-25 08:51:26 UTC
(In reply to Jason Chang from comment #10)
Hi. Thanks for your detailed analysis. Unfortunately, as I don't have to use mssql server in production anymore, it's difficult from my side to advise what might be the best solution to fix this. I can think of a couple of options and I will go with what the community wants. As openssl is in base it's difficult to modify anything, and you can be sure that it will remain the same version in the whole 13 release cycle, present and future. We have seen such an occurrence previously in 11 when we moved to TLS1.3 unless there are some changes in the policy. Options are:
1. Disable OPENSSL and enable GNUTLS for 13.X only.
2. Disable OPENSSL and MARK this option BROKEN for 13.X only while using openssl base.
3. Keep as is and add a pkg-message to build custom ports using DEFAULT_VERSIONS= ssl=openssl

I will write up a mail and send it to the ports mailing list. Will look forward to your comments there.
Comment 12 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-02-26 17:04:43 UTC
Reported upstream:
https://github.com/FreeTDS/freetds/issues/458
Comment 13 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-03-12 11:20:45 UTC
This was the comment from upstream:
"The warning should be removed surely but it's not the issue. I cannot see why a minor update could lead to this. Instead what I would check is if they removed some cipher with the update. Recently in many cases the OpenSSL requirements for cipher are not satisfied by MS."
Comment 14 Jason Chang 2022-04-12 08:07:46 UTC
Here's an update:
1. freebsd-12.3-Stable (2022/04/07)
   with openssl 1.1.n
   works smoothly
2. freebsd-13.1-RC2
   with openssl 1.1.n
   failed!

I originally thought it was a problem resulting from openssl 1.1.1m (2021/12).
After this test, both freebsd 12.3 and 13.1-rc2 were using openssl 1.1.1n, however freebsd 12.3 still works great.

So, this might be a problem inside freebsd-13 (version after 2021/Nov).
Comment 15 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-04-22 09:23:45 UTC
Adding jkim@ who last merged openssl 1.1.1n into the tree.

Hi Kim,
From our limited knowledge we are unable to pinpoint the problem here with freetds. But from what it looks like:

1. freebsd-12.3-Stable (2022/04/07)
   with openssl 1.1.n
   works smoothly
2. freebsd-13.1-RC2
   with openssl 1.1.n
   failed!

is the current situation with freetds. Can you shed some light on what changes there are between openssl itself in 12.3-STABLE and 13.1-RC2? I will upgrade freetds today, although I am not sure if it's going to fix the problem.
Comment 16 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-04 12:39:30 UTC
(In reply to Muhammad Moinur Rahman from comment #15)
I have updated freetds recently. Can you confirm if the problem still persists?
Comment 17 Jason Chang 2022-05-06 07:23:15 UTC
(In reply to Muhammad Moinur Rahman from comment #16)
freebsd13.1-RC6
openssl 1.1.1o
freetds-1.3.9_1 (install by pkg)
freebsd-1.3.10 (compiled by myself)
still fails to connect to ms-sql (version 2019)
Comment 18 Jason Chang 2022-05-06 07:34:16 UTC
(In reply to Jason Chang from comment #17)

freebsd14-current (2022/05/05 snapshot)
openssl 1.1.1o
freetds 1.3.10,1
fail

freebsd12.3-stable (2022/05/05 snapshot)
openssl 1.1.1o
freetds 1.3.10,1
success!
Comment 19 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-20 00:08:36 UTC
(In reply to Jason Chang from comment #18)
Do you have a 13.1 box to test this?
Comment 20 Christos Chatzaras 2022-05-22 21:33:57 UTC
I believe I have the same issue after upgrading from 13.0 to 13.1.
Comment 21 Christos Chatzaras 2022-05-23 04:53:43 UTC
(In reply to Muhammad Moinur Rahman from comment #19)

It doesn't work with 13.1.
Comment 22 Christos Chatzaras 2022-05-23 06:45:10 UTC
-----------------------------------------
With DEFAULT_VERSIONS+=ssl=openssl
or
DEFAULT_VERSIONS+=ssl=openssl-devel
-----------------------------------------

09:30:09.234170 41554 (log.c:187):Starting log file for FreeTDS 1.3.10
        on 2022-05-23 09:30:09 with debug flags 0xffff.
09:30:09.234205 41554 (iconv.c:367):tds_iconv_open(0x801247000, UTF-8)
09:30:09.234628 41554 (iconv.c:198):local name for ISO-8859-1 is ISO-8859-1
09:30:09.234633 41554 (iconv.c:198):local name for UTF-8 is UTF-8
09:30:09.234636 41554 (iconv.c:198):local name for UCS-2LE is UCS-2LE
09:30:09.234638 41554 (iconv.c:198):local name for UCS-2BE is UCS-2BE
09:30:09.235586 41554 (iconv.c:389):setting up conversions for client charset "UTF-8"
09:30:09.235591 41554 (iconv.c:391):preparing iconv for "UTF-8" <-> "UCS-2LE" conversion
09:30:09.235696 41554 (iconv.c:430):tds_iconv_open: done
09:30:09.235700 41554 (net.c:391):Connecting with protocol version 7.4
09:30:09.235716 41554 (net.c:318):Connecting to 164.68.108.xxx port 1433
09:30:09.235752 41554 (net.c:340):tds_setup_socket: connect(2) returned "Operation now in progress"
09:30:09.256354 41554 (net.c:528):tds_open_socket() succeeded
09:30:09.256380 41554 (packet.c:852):Sending packet
0000 12 01 00 3a 00 00 00 00-00 00 1a 00 06 01 00 20 |...:.... ....... |
0010 00 01 02 00 21 00 0c 03-00 2d 00 04 04 00 31 00 |....!... .-....1.|
0020 01 ff 09 00 00 00 00 00-00 4d 53 53 51 4c 53 65 |........ .MSSQLSe|
0030 72 76 65 72 00 52 a2 00-00 00                   |rver.R.. ..|

09:30:09.277274 41554 (packet.c:410):Received packet
0000 04 01 00 2b 00 00 01 00-00 00 1a 00 06 01 00 20 |...+.... ....... |
0010 00 01 02 00 21 00 01 03-00 22 00 00 04 00 22 00 |....!... ."....".|
0020 01 ff 0a 32 06 40 00 00-00 00 00                |...2.@.. ...|

09:30:09.277297 41554 (login.c:1342):detected crypt flag 0
09:30:09.279101 41554 (tls.c:1026):setting custom openssl cipher to:HIGH:MEDIUM:!SSLv2:!aNULL:-DH
09:30:09.279252 41554 (tls.c:160):in tds_push_func_login
09:30:09.279260 41554 (tls.c:130):in tds_pull_func_login
09:30:09.279264 41554 (packet.c:852):Sending packet

09:30:09.301112 41554 (packet.c:410):Received packet

09:30:09.301204 41554 (tls.c:130):in tds_pull_func_login
09:30:09.301688 41554 (tls.c:160):in tds_push_func_login
09:30:09.301699 41554 (tls.c:1045):handshake failed with -1 6 1
09:30:09.301733 41554 (tls.c:1089):handshake failed
09:30:09.301736 41554 (login.c:599):login packet rejected
09:30:09.301739 41554 (query.c:3757):tds_disconnect()
09:30:09.301755 41554 (util.c:179):Changed query state from IDLE to DEAD
09:30:09.301759 41554 (util.c:333):tdserror(0x7fffffffe220, 0x80123b100, 20002, 0)
09:30:09.301762 41554 (util.c:363):tdserror: client library returned TDS_INT_CANCEL(2)
09:30:09.301765 41554 (util.c:386):tdserror: returning TDS_INT_CANCEL(2)
09:30:09.301773 41554 (util.c:333):tdserror(0x80121a060, 0x80123b100, 20002, 0)
09:30:09.301777 41554 (util.c:363):tdserror: client library returned TDS_INT_CANCEL(2)
09:30:09.301780 41554 (util.c:386):tdserror: returning TDS_INT_CANCEL(2)
09:30:09.301802 41554 (mem.c:656):tds_free_all_results()



=========================================



-----------------------------------------
With DEFAULT_VERSIONS+=ssl=base
-----------------------------------------

09:41:08.770843 31050 (log.c:187):Starting log file for FreeTDS 1.3.10
        on 2022-05-23 09:41:08 with debug flags 0xffff.
09:41:08.770877 31050 (iconv.c:367):tds_iconv_open(0x801047000, UTF-8)
09:41:08.771248 31050 (iconv.c:198):local name for ISO-8859-1 is ISO-8859-1
09:41:08.771253 31050 (iconv.c:198):local name for UTF-8 is UTF-8
09:41:08.771255 31050 (iconv.c:198):local name for UCS-2LE is UCS-2LE
09:41:08.771258 31050 (iconv.c:198):local name for UCS-2BE is UCS-2BE
09:41:08.772161 31050 (iconv.c:389):setting up conversions for client charset "UTF-8"
09:41:08.772165 31050 (iconv.c:391):preparing iconv for "UTF-8" <-> "UCS-2LE" conversion
09:41:08.772271 31050 (iconv.c:430):tds_iconv_open: done
09:41:08.772275 31050 (net.c:391):Connecting with protocol version 7.4
09:41:08.772290 31050 (net.c:318):Connecting to 164.68.108.xxx port 1433
09:41:08.772324 31050 (net.c:340):tds_setup_socket: connect(2) returned "Operation now in progress"
09:41:08.794919 31050 (net.c:528):tds_open_socket() succeeded
09:41:08.794939 31050 (packet.c:852):Sending packet
0000 12 01 00 3a 00 00 00 00-00 00 1a 00 06 01 00 20 |...:.... ....... |
0010 00 01 02 00 21 00 0c 03-00 2d 00 04 04 00 31 00 |....!... .-....1.|
0020 01 ff 09 00 00 00 00 00-00 4d 53 53 51 4c 53 65 |........ .MSSQLSe|
0030 72 76 65 72 00 4a 79 00-00 00                   |rver.Jy. ..|

09:41:08.818087 31050 (packet.c:410):Received packet
0000 04 01 00 2b 00 00 01 00-00 00 1a 00 06 01 00 20 |...+.... ....... |
0010 00 01 02 00 21 00 01 03-00 22 00 00 04 00 22 00 |....!... ."....".|
0020 01 ff 0a 32 06 40 00 00-00 00 00                |...2.@.. ...|

09:41:08.818111 31050 (login.c:1342):detected crypt flag 0
09:41:08.819334 31050 (tls.c:1029):setting default openssl cipher to:HIGH:!SSLv2:!aNULL:-DH
09:41:08.819486 31050 (tls.c:160):in tds_push_func_login
09:41:08.819494 31050 (tls.c:130):in tds_pull_func_login
09:41:08.819498 31050 (packet.c:852):Sending packet

09:41:08.843364 31050 (packet.c:410):Received packet

09:41:08.843460 31050 (tls.c:130):in tds_pull_func_login
09:41:08.843975 31050 (tls.c:160):in tds_push_func_login
09:41:08.843982 31050 (tls.c:130):in tds_pull_func_login
09:41:08.843987 31050 (packet.c:852):Sending packet

09:41:08.868441 31050 (packet.c:410):Received packet

09:41:08.868467 31050 (tls.c:130):in tds_pull_func_login
09:41:08.868487 31050 (tls.c:130):in tds_pull_func_login
09:41:08.868490 31050 (tls.c:130):in tds_pull_func_login
09:41:08.868527 31050 (tls.c:1065):handshake succeeded!!
09:41:08.868538 31050 (login.c:1053):quietly sending TDS 7+ login packet
09:41:08.868599 31050 (token.c:418):tds_process_login_tokens()
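
Added example, not part of any comment in this thread and not FreeTDS code: a TDSDUMP log like the two above records each packet as a hex dump, so the TLS version and cipher suite the server selected can be read straight from the ServerHello that arrives inside a TDS packet of type 0x12. The sample log is constructed (its line formats follow the logs above), the function names are hypothetical, and the parser also handles the TLS 1.3 `supported_versions` extension, which goes beyond the case shown in the thread.

```python
import re
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Small excerpt of the IANA cipher-suite registry; unknown ids are shown as hex.
CIPHER_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1302: "TLS_AES_256_GCM_SHA384",
}
PACKET_START = re.compile(r"\b(Sending|Received) packet\b")
HEX_LINE = re.compile(r"^[0-9a-f]{4} ([0-9a-f \-]+)\|")

# Constructed sample: 8-byte TDS header, TLS handshake record, ServerHello
# with a dummy random (aa..), empty session id, suite 0xc014.
SAMPLE_LOG = """\
09:00:00.000001 1 (net.c:391):Connecting with protocol version 7.4
09:00:00.000002 1 (tls.c:1029):setting default openssl cipher to:HIGH:!SSLv2:!aNULL:-DH
09:00:00.000003 1 (packet.c:410):Received packet
0000 12 01 00 37 00 00 00 00-16 03 01 00 2a 02 00 00 |...7.... ....*...|
0010 26 03 01 aa aa aa aa aa-aa aa aa aa aa aa aa aa |&....... ........|
0020 aa aa aa aa aa aa aa aa-aa aa aa aa aa aa aa aa |........ ........|
0030 aa aa aa 00 c0 14 00                            |.......|

09:00:00.000004 1 (tls.c:1045):handshake failed with -1 6 1
"""


def read_packets(log_text):
    """Rebuild (direction, bytes) for every hex-dumped packet in a TDSDUMP log."""
    packets, current = [], None
    for line in log_text.splitlines():
        start = PACKET_START.search(line)
        dump = HEX_LINE.match(line)
        if start:
            current = bytearray()
            packets.append((start.group(1), current))
        elif dump and current is not None:
            # "-" only separates the two 8-byte halves of a dump row.
            current.extend(bytes.fromhex(dump.group(1).replace("-", " ")))
        elif line.strip():
            current = None  # any other log line ends the dump
    return [(direction, bytes(data)) for direction, data in packets]


def parse_server_hello(tds_packet):
    """Return (tls_version, cipher_suite) if the packet wraps a ServerHello."""
    if len(tds_packet) < 8 + 5 + 4 or tds_packet[0] != 0x12:
        return None
    rec = tds_packet[8:]                      # skip the TDS packet header
    if rec[0] != 0x16 or rec[5] != 0x02:      # handshake record, ServerHello
        return None
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    if len(body) < 35:
        return None
    version = int.from_bytes(body[0:2], "big")
    pos = 2 + 32                              # version + random
    pos += 1 + body[pos]                      # session id
    if pos + 3 > len(body):
        return None
    suite = int.from_bytes(body[pos:pos + 2], "big")
    pos += 3                                  # suite + compression method
    if pos + 2 <= len(body):                  # extensions are optional
        end = min(pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), len(body))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
            if ext_type == 0x002B and ext_len == 2:   # supported_versions
                version = int.from_bytes(body[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return version, suite


def summarize(log_text):
    """Collect the TLS-relevant facts of one connection attempt."""
    out = {"tds_version": None, "cipher_string": None, "tls_version": None,
           "cipher_suite": None, "below_tls12": None, "handshake": None}
    m = re.search(r"Connecting with protocol version (\S+)", log_text)
    if m:
        out["tds_version"] = m.group(1)
    m = re.search(r"setting (?:custom|default) openssl cipher to:(\S+)", log_text)
    if m:
        out["cipher_string"] = m.group(1)
    for direction, data in read_packets(log_text):
        hello = parse_server_hello(data) if direction == "Received" else None
        if hello:
            out["tls_version"] = TLS_VERSIONS.get(hello[0], hex(hello[0]))
            out["cipher_suite"] = CIPHER_SUITES.get(hello[1], hex(hello[1]))
            out["below_tls12"] = hello[0] < 0x0303
    m = re.search(r"handshake failed with (-?\d+) (\d+) (\d+)", log_text)
    if m:
        out["handshake"] = "failed " + " ".join(m.groups())
    elif "handshake succeeded" in log_text:
        out["handshake"] = "succeeded"
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running `summarize()` on the logs of a working and a failing build shows at a glance whether the two differ in what the server selected or only in how the client handled it.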
Comment 23 Christos Chatzaras 2022-05-23 22:05:02 UTC
I tried with Debian 11 + OpenSSL 1.1.1n and the same issue exists there too. With Debian 11 + GnuTLS the issue doesn't exist.
Comment 24 Craig Leres freebsd_committer freebsd_triage 2022-05-26 02:20:23 UTC
We had trouble using databases/py-pymssql (DEFAULT_VERSIONS=ssl=openssl) until we changed the SSL/TLS option from openssl to gnutls. This was on 13.1-RELEASE.
Comment 25 Christos Chatzaras 2022-05-26 08:35:28 UTC
(In reply to Craig Leres from comment #24)

Yes it doesn't work with:

1) DEFAULT_VERSIONS=ssl=base
2) DEFAULT_VERSIONS=ssl=openssl
3) DEFAULT_VERSIONS=ssl=openssl-devel

The same issue with Linux. I try to find some free time to do tests with older openssl versions on a Linux VPS to see which one causes the issue.
Comment 26 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-26 08:52:38 UTC
I think the best solution is to switch to GNUTLS. This has been going on for long and the upstream doesn't have a solution for this other than using lower TDSVERSION or insecure ciphers.
Comment 27 Christos Chatzaras 2022-05-26 08:56:54 UTC
(In reply to Muhammad Moinur Rahman from comment #26)

I prefer not to install GnuTLS (something extra to worry about for security issues) just for FreeTDS. And I don't think it's something related to FreeTDS either. The same FreeTDS version was working with an older OpenSSL version.
Comment 28 Craig Leres freebsd_committer freebsd_triage 2022-05-26 16:35:30 UTC
(In reply to Christos Chatzaras from comment #25)

Sure, but changing DEFAULT_VERSIONS=ssl=... impacts a *lot* of unrelated ports while changing databases/freetds to gnutls is a less impactful workaround.
Comment 29 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-26 17:00:29 UTC
(In reply to Craig Leres from comment #28)
I actually meant that. Switching the default of freetds to GNUTLS while marking the OPENSSL option as broken. Not like switching the DEFAULTS.
Comment 30 Christos Chatzaras 2022-05-26 17:19:27 UTC
(In reply to Muhammad Moinur Rahman from comment #29)

If you can switch the default to GnuTLS and have an option to select OpenSSL I am fine with it as I don't use packages.

Tomorrow I will try to see exactly which OpenSSL version is related to the issue and I will submit a PR to OpenSSL to see if they know something about it.
Comment 31 Christos Chatzaras 2022-05-30 13:10:52 UTC
I have a Linux VPS on which I want to compile FreeTDS with a different OpenSSL version.

I compiled openssl 1.1.1k and then I compiled FreeTDS:

./configure --with-openssl=/root/openssl-1.1.1k/include/openssl
make

But when I run ldd tsql it shows it's linked with the system OpenSSL:

linux-vdso.so.1 (0x00007ffefc176000)
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f724f41c000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f724f128000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f724f106000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f724ef41000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f724ef3b000)
/lib64/ld-linux-x86-64.so.2 (0x00007f724f503000)

Any idea why it doesn't link it with /root/openssl-1.1.1k/include/openssl ?
Comment 32 Jason Chang 2022-05-30 13:12:57 UTC
(In reply to Christos Chatzaras from comment #31)
You need to set LD_LIBRARY_PATH environment variable.
ref: https://stackoverflow.com/questions/13428910/how-to-set-the-environmental-variable-ld-library-path-in-linux
Comment 33 Christos Chatzaras 2022-05-30 17:55:43 UTC
It worked with LD_LIBRARY_PATH:

LD_LIBRARY_PATH=/root/111k/lib ldd $HOME/freetds/bin/tsql

-------

And here are the results:

1) FreeTDS 1.3.10 + OpenSSL 1.1.1k = SUCCESS
2) FreeTDS 1.3.10 + OpenSSL 1.1.1l = FAIL

-------

So the first version that doesn't work is 1.1.1l.

And also it's not related only to FreeBSD, as the same issue exists with Linux.

-------

I reported it here too:

https://github.com/openssl/openssl/issues/18433
Comment 34 Christos Chatzaras 2022-05-30 19:23:56 UTC
(In reply to Muhammad Moinur Rahman from comment #29)

Good news. I tested this patch and it works:

https://github.com/FreeTDS/freetds/issues/458#issuecomment-1141407408

Can you create a ports patch with this? If you want me to do it let me know.
Comment 35 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-30 19:56:00 UTC
(In reply to Christos Chatzaras from comment #34)
Will take care tomorrow. Have one more bug to take care of.
Comment 36 commit-hook freebsd_committer freebsd_triage 2022-05-31 06:19:06 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=399af2d69e8383a7e77ba9dfa0e3bd02bbdc9ab6

commit 399af2d69e8383a7e77ba9dfa0e3bd02bbdc9ab6
Author:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
AuthorDate: 2022-05-31 06:14:13 +0000
Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2022-05-31 06:14:13 +0000

    databases/freetds: Runtime fix with latest openssl

    - FreeTDS fails to connect with MsSQL after the latest updates of
      OpenSSL specially after the release of 13.1 SNAPSHOTS including
      13.1-RELEASE and more specifically when openssl turned into 1.1.1l
      See the following for more details:
      https://github.com/FreeTDS/freetds/issues/458
    - After the upgrade to version 1.3.9 FreeTDS fails to upgrade when using
      ports tree. [1]

    PR:             261967 263641 [1]
    Reported by:    jsc@ntu.edu.tw eugen [1]

 databases/freetds/Makefile                  |  4 +-
 databases/freetds/files/patch-src_tds_tls.c | 70 ++++++++++++++++++++++++++---
 2 files changed, 68 insertions(+), 6 deletions(-)
Comment 37 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-31 06:20:48 UTC
Thanks to everyone for their patience and sharing the details in every step.
Comment 38 Christos Chatzaras 2022-05-31 07:31:08 UTC
Thank you for your work. Also fixed in 1.3.11.
Comment 39 Christos Chatzaras 2022-05-31 10:33:22 UTC
Sadly, the patch did work in Linux but not in FreeBSD. I will do some more tests with FreeBSD.
Comment 40 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-05-31 10:43:53 UTC
Oops. Sorry to hear that. There are some additional patches for ssl/tls in the files folder. You can have a look at it.
Comment 41 Christos Chatzaras 2022-05-31 10:53:46 UTC
In FreeBSD:

1) If I compile OpenSSL 1.1.1o and FreeTDS 1.3.11 in my home dir, the tsql connection works fine.

2) If I compile FreeTDS 1.3.11 and use openssl-base, it doesn't work.

Is it strange that in both cases 1.1.1o is used and with openssl-base it doesn't work?
Comment 42 Christos Chatzaras 2022-05-31 11:19:59 UTC
Also, with DEFAULT_VERSIONS+=ssl=openssl it doesn't work.
Comment 43 Christos Chatzaras 2022-06-01 11:04:40 UTC
With the OpenSSL 1.1.1o from base but also the same result with openssl port:

fetch ftp://ftp.freetds.org/pub/freetds/stable/freetds-1.3.11.tar.gz
tar xf freetds-1.3.11.tar.gz
cd freetds-1.3.11
./configure --with-openssl=/usr --prefix=$HOME/freetds --enable-msdblib --enable-sybase-compat --with-tdsver=7.4 CPPFLAGS="-I/usr/include" LDFLAGS="-I/usr/lib"
gmake
gmake install

$HOME/freetds/bin/tsql -S 164.68.108.xxx -D database -P 'password' -U username
locale is "C.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
Setting LimAux as default database in login packet
 1

RESULT: CONNECTION FAILS

------------------------------------

With a compiled OpenSSL 1.1.1o :

fetch https://www.openssl.org/source/openssl-1.1.1o.tar.gz
tar xf openssl-1.1.1o.tar.gz
cd openssl-1.1.1o
./config --prefix=$HOME/111o

cd freetds-1.3.11
./configure --with-openssl=$HOME/111o --prefix=$HOME/freetds --enable-msdblib --enable-sybase-compat --with-tdsver=7.4 CPPFLAGS="-I/usr/include" LDFLAGS="-I/usr/lib"
gmake
gmake install

LD_LIBRARY_PATH=$HOME/111o/lib $HOME/freetds/bin/tsql -S 164.68.108.xxx -D database -P 'password' -U username
locale is "C.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
Setting LimAux as default database in login packet
1>       

RESULT: CONNECTION SUCCESS
Comment 44 Christos Chatzaras 2022-06-01 11:35:24 UTC
I believe the issue is related to the KTLS patch. I removed all patches from /usr/ports/security/openssl/files, removed KTLS support from the Makefile and rebuilt the port, and tsql works.

I will do some more tests to be sure it's related to KTLS or other patch.
Comment 45 Christos Chatzaras 2022-06-01 11:51:04 UTC
I put back the patches inside /usr/ports/security/openssl/files and restored the original Makefile.

Then I used "make config" and removed "KTLS".

Then I rebuilt the openssl port and tsql works.

--------------

So there were 2 unrelated issues:

1) Some OpenSSL changes between 1.1.1k and 1.1.1l, which were solved using this patch: https://github.com/FreeTDS/freetds/issues/458#issuecomment-1141407408

2) The KTLS patch for the OpenSSL "port", which I believe is the same one used in "base", makes tsql unable to connect to MS SQL.

--------------

Temporary solution:

1) Add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf
2) Remove TLS option from openssl port using "make config"
3) Make deinstall && reinstall freetds port

---------------

@brnrd Can you please have a look?
Comment 46 Christos Chatzaras 2022-06-01 13:17:05 UTC
Maybe this is related?

https://cgit.freebsd.org/src/commit/?h=stable/13&id=2e6f247ca49bf21deb3f6300d6da29544785a20e
Comment 47 Christos Chatzaras 2022-06-01 20:27:12 UTC
(In reply to Christos Chatzaras from comment #46)

I upgraded a test server to 13-STABLE and it didn't solve the issue with the base OpenSSL. So not related to this patch.
Comment 48 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-06-06 06:35:17 UTC
(In reply to Christos Chatzaras from comment #47)
Overall I think it is better to switch the freetds option of OPENSSL to GNUTLS. That is the quick fix I can make from my side.
Comment 49 Christos Chatzaras 2022-06-06 06:44:20 UTC
(In reply to Muhammad Moinur Rahman from comment #48)

As long as you don't remove the port option for OpenSSL I am ok with this. I use ports and not precompiled packages. OpenSSL from ports with KTLS patch disabled works fine.
Comment 50 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2022-06-06 06:57:18 UTC
(In reply to Christos Chatzaras from comment #49)
No, I am not removing it, but I am going to add a line like the following:
OPENSSL_BROKEN= requires openssl from ports with TLS option disabled.

Or I can add a pkg-message.
Comment 51 Paolo Tealdi 2022-06-06 14:35:45 UTC
Dear all.

I can confirm that
FreeBSD: 13.1-RELEASE
FreeTDS: 1.3.11-1 (manually installed via ports with openssl option)
OpenSSL:  on (1.1.1o-freebsd)
GnuTLS: off
connection: FAILED


FreeBSD: 13.1-RELEASE
FreeTDS: 1.3.11-1 (manually installed via ports with gnutls option)
OpenSSL:  off (1.1.1o-freebsd)
GnuTLS: on
connection: OK

Sqlserver version: 12

Best regards,
Paolo Tealdi
Comment 52 Christos Chatzaras 2022-06-06 16:58:16 UTC
(In reply to Paolo Tealdi from comment #51)

If you want to use the OpenSSL port then you have to disable the KTLS option using  "make config".

I will do more tests in the future with both 13-STABLE and OpenSSL port to see if the KTLS support works.
Comment 53 Bjørn H. Sandvik 2023-03-19 23:56:04 UTC
Throwing in with the rest, I ran into issues connecting to MSSQL after upgrading the freetds package using pkg upgrade.

I eventually found that compiling FreeTDS from source (1.3.120) with these flags solved connection issues for me:

./configure --with-gnutls --with-unixodbc
Comment 54 Christos Chatzaras 2023-10-15 13:39:09 UTC
Has anyone tested FreeTDS with OpenSSL 3.0 (now included in the security/openssl port) with KTLS offload enabled?
Comment 55 Jason Chang 2023-10-16 00:20:04 UTC
(In reply to Christos Chatzaras from comment #54)

It works again on FreeBSD 14.0-RC1!
Thanks everyone!

1. H/W: VM on vmware workstation 17
2. OS: FreeBSD 14.0-RC1
3. freetds 1.4.2,1 installed using pkg
4. destination database: Microsoft SQL Server 2019

Some messages from TDSDUMP:

log.c:187:Starting log file for FreeTDS 1.4.2
        on 2023-10-16 16:14:13 with debug flags 0x4fff.
iconv.c:371:tds_iconv_open(0x301d13048000, UTF-8, 1)
iconv.c:202:local name for ISO-8859-1 is ISO-8859-1
iconv.c:202:local name for UTF-8 is UTF-8
iconv.c:202:local name for UCS-2LE is UCS-2LE
iconv.c:202:local name for UCS-2BE is UCS-2BE
iconv.c:390:setting up conversions for client charset "UTF-8"
iconv.c:392:preparing iconv for "UTF-8" <-> "UCS-2LE" conversion
iconv.c:431:tds_iconv_open: done
net.c:391:Connecting with protocol version 7.4
net.c:318:Connecting to aaa.bbb.ccc.ddd port 1433
net.c:340:tds_setup_socket: connect(2) returned "Operation now in progress"
net.c:528:tds_open_socket() succeeded
packet.c:852:Sending packet
0000 12 01 00 3a 00 00 00 00-00 00 1a 00 06 01 00 20 |...:.... ....... |
0010 00 01 02 00 21 00 0c 03-00 2d 00 04 04 00 31 00 |....!... .-....1.|
0020 01 ff 09 00 00 00 00 00-01 4d 53 53 51 4c 53 65 |........ .MSSQLSe|
0030 72 76 65 72 00 e9 03 00-00 00                   |rver.... ..|

packet.c:410:Received packet
0000 04 01 00 2b 00 00 01 00-00 00 1a 00 06 01 00 20 |...+.... ....... |
0010 00 01 02 00 21 00 01 03-00 22 00 00 04 00 22 00 |....!... ."....".|
0020 01 ff 0f 00 07 d0 00 00-01 00 00                |........ ...|

login.c:1387:detected crypt flag 1
tls.c:1023:setting default openssl cipher to:HIGH:!SSLv2:!aNULL:-DH
tls.c:151:in tds_push_func_login
tls.c:121:in tds_pull_func_login
packet.c:852:Sending packet
0000 12 01 01 41 00 00 00 00-16 03 01 01 34 01 00 01 |...A.... ....4...|
0010 30 03 03 91 54 45 66 d6-04 90 69 d7 98 f2 88 e5 |0...TEf. ..i.....|
0020 bb ae 7f 17 b8 c5 c6 34-77 5d 59 ad 51 57 15 b1 |.......4 w]Y.QW..|
0030 03 88 4c 20 6b 47 d6 c9-05 5f 24 90 8d 69 4a 8a |..L kG.. ._$..iJ.|
0040 d9 f9 ab b4 52 9b 57 1a-8c c5 35 99 ed f6 fd b7 |....R.W. ..5.....|
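Added example (not part of the thread and not FreeTDS code): a small Python decoder for the PRELOGIN packets in the TDSDUMP of comment 55, showing where "detected crypt flag 1" comes from and that the TLS ClientHello is carried inside a TDS 0x12 packet. The packet bytes are copied from that dump; option names and encryption values follow the MS-TDS PRELOGIN definition, and the function names are illustrative.

```python
import struct

# Bytes copied from the TDSDUMP hex dump in comment 55 (header + payload).
CLIENT_PRELOGIN = bytes.fromhex(
    "1201003a00000000" "00001a0006" "0100200001" "020021000c" "03002d0004"
    "0400310001" "ff" "090000000000" "01" "4d5353514c53657276657200" "e9030000" "00")
SERVER_PRELOGIN = bytes.fromhex(
    "0401002b00000100" "00001a0006" "0100200001" "0200210001" "0300220000"
    "0400220001" "ff" "0f0007d00000" "01" "00" "00")
# First 16 bytes only of the following packet (the dump is cut short on the page).
TLS_PACKET_PREFIX = bytes.fromhex("1201014100000000" "1603010134" "010001")

# Option tokens and encryption values as defined in the MS-TDS PRELOGIN message.
OPTIONS = {0: "VERSION", 1: "ENCRYPTION", 2: "INSTOPT", 3: "THREADID", 4: "MARS"}
ENCRYPT = {0: "ENCRYPT_OFF", 1: "ENCRYPT_ON", 2: "ENCRYPT_NOT_SUP", 3: "ENCRYPT_REQ"}

def parse_prelogin(packet):
    """Return {option name: raw bytes} from one complete PRELOGIN packet."""
    if len(packet) < 8:
        raise ValueError("short TDS header")
    _type, _status, length = struct.unpack(">BBH", packet[:4])
    if length != len(packet):
        raise ValueError("TDS length field does not match packet size")
    body, opts, pos = packet[8:], {}, 0
    while pos < len(body) and body[pos] != 0xFF:      # 0xFF terminates the table
        if pos + 5 > len(body):
            raise ValueError("truncated option entry")
        off, size = struct.unpack(">HH", body[pos + 1:pos + 5])
        if off + size > len(body):                    # offsets count from payload start
            raise ValueError("option data out of bounds")
        opts[OPTIONS.get(body[pos], hex(body[pos]))] = body[off:off + size]
        pos += 5
    if pos >= len(body):
        raise ValueError("missing 0xFF terminator")
    return opts

def encryption(packet):
    """Name of the ENCRYPTION option value (the 'crypt flag' in the log)."""
    value = parse_prelogin(packet)["ENCRYPTION"][0]
    return ENCRYPT.get(value, "unknown(%d)" % value)

def server_version(packet):
    """(major, minor, build) from the VERSION option of a server response."""
    return struct.unpack(">BBH", parse_prelogin(packet)["VERSION"][:4])

def tls_record_in_tds(prefix):
    """Describe the TLS record header carried right after the TDS header."""
    tds_type, _status, tds_len = struct.unpack(">BBH", prefix[:4])
    rec_type, rec_ver, rec_len = struct.unpack(">BHH", prefix[8:13])
    return {"tds_type": tds_type, "tds_len": tds_len, "handshake": rec_type == 0x16,
            "record_version": rec_ver, "record_len": rec_len}
```

Both sides advertise ENCRYPT_ON, the server reports version 15.0.2000, and the third packet's TDS length equals the 8-byte TDS header plus the 5-byte TLS record header plus the record length, so the handshake record fills exactly one TDS packet.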
Comment 56 Christos Chatzaras 2023-10-16 06:44:38 UTC
(In reply to Jason Chang from comment #55)

Do you use the base OpenSSL or the port?
Comment 57 Jason Chang 2023-10-16 11:22:41 UTC
(In reply to Christos Chatzaras from comment #56)

I use the base OpenSSL.

In fact, the test was on a fresh installed system. I did not modify anything except "pkg install freetds".
Comment 58 Christos Chatzaras 2023-10-16 11:37:26 UTC
(In reply to Jason Chang from comment #57)

So something changed in the KTLS code in the 14.0 kernel. I am curious if it works with 13.2, but right now I have no free systems to test. I will wait to upgrade to 14.0 and then switch to the base openssl.
Comment 59 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2023-10-16 11:43:38 UTC
(In reply to Christos Chatzaras from comment #58)
The major changes are OpenSSL versions from 1.1.1 to 3.0.9. If you want to try 13.2 and OpenSSL 3.0.X then use DEFAULT_VERSIONS+= ssl=openssl and rebuild all ports.
Comment 60 Christos Chatzaras 2023-10-16 11:54:53 UTC
(In reply to Muhammad Moinur Rahman from comment #59)

The openssl111 port has option "Kernel TLS offload". With this disabled FreeTDS connections work. So I believe that the issue is caused by the KTLS and something changed between FreeBSD 13.0 and 13.1.

The openssl (3.0) port has option "Use in-kernel TLS (FreeBSD >13)". I guess with this disabled the connection will work. What I don't know is whether the connection will work with the KTLS option enabled. If it works then I am sure that the base openssl will work too.
Comment 61 Frediano Ziglio 2023-11-29 18:36:44 UTC
Can someone try with FreeTDS version 1.4.7 or newer?