18 Feb 2021 - by 'Maurits van der Schee'
Installing the PHP SQL Server driver (PDO_SQLSRV) on a Debian 10 Linux system requires several steps, starting with the installation of the Microsoft ODBC Driver. Note that Debian requires TLS 1.2 and if your SQL Server does not support that you will run into "Error code 0x2746". This post will explain how to resolve that issue.
First we make sure to install the Microsoft ODBC Driver for SQL Server on Linux.
sudo apt -y install curl curl -s https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - sudo bash -c "curl -s https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list" sudo apt -y update sudo ACCEPT_EULA=Y apt -y install msodbcsql17 mssql-tools sudo apt -y install unixodbc-dev
After this installation you need to compile and install the drivers:
sudo apt -y install gcc g++ make autoconf libc-dev pkg-config sudo apt -y install php-pear php-dev sudo pecl install sqlsrv sudo pecl install pdo_sqlsrv
To enable the drivers we need to register the drivers as available mods and enable them:
echo "extension=sqlsrv.so" | sudo tee /etc/php/7.3/mods-available/sqlsrv.ini echo "extension=pdo_sqlsrv.so" | sudo tee /etc/php/7.3/mods-available/pdo_sqlsrv.ini sudo phpenmod sqlsrv pdo_sqlsrv
If you then run into the following error message:
SQLSTATE: [Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746
This means you need to upgrade (or patch) your SQL Server installation to support TLS 1.2. Some people suggest downgrading the OpenSSL package (from 1.1.1 to 1.0.x), but I recommend against that. If you really cannot upgrade, then you may have to change the CipherString of OpenSSL to allow for (older) SQL Server compatibility (Note that this is a system-wide default):
sudo sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/' /etc/ssl/openssl.cnf
Alternatively, you can manually look for 'CipherString' in the file '/etc/ssl/openssl.cnf' and adjust it's value:
#lower seclevel for (old) sqlserver #CipherString = DEFAULT@SECLEVEL=2 CipherString = DEFAULT@SECLEVEL=1
This should get you started. If you want more information, check out the links below.