O M G - thanks for the heads up! imho that is going to cause no end of tickets for them

this change is documented in Breaking Changes section in the release notes:

https://github.com/dotnet/SqlClient/blob/main/release-notes/4.0/4.0.0.md

you've always to expect breaking changes when switching major number of a package/library or product.

Of course, encryption is on by default for Azure SQL Server, and that's what Microsoft really want you to use these days...

@Mark - sure but then again, when do you ever not copy the crazy connection string from Azure directly out of the portal? It's not like they can't put the flag in there. Nobody in their right mind would type that connection string manually.

I appreciate this change - secure defaults are the way to go!
There are so many issues and breaches out there just because insecure defaults!

I your case:

1. Always read release notes for a major version (there are breaking changes all the time) 😉
2. I'd recommend using TrustServerCertificate=true; instead of disabling the encryption by default

In regards to Daniel's point about expecting breaking changes in major version updates.

The Connection strings in my Apps haven't changed in 20 years, this is the first occurrence of a "Breaking Change" going back to .Net Framework 1.0

It's kind of a big thing, thanks for pointing it out Rick!

I'm going to add "Encrypt=False" to all my connection strings in all my projects, since by the time I upgrade them I'll probably forget that I read this here and go nuts trying to figure it out 😯

Cheers

Thanks Rick! I just bumped into this issue. Knew I had seen this blogpost and just had to find it. Took me 2 minutes to 'fix' it. Using this option also works for like, as another reader pointed out. TrustServerCertificate=true;

Thanks Rick! I spend a few days debugging this and I could not find any related resources on the web.

Thanks again Rick for your continued sharing of excellent tips and helpful advice. Luckily I found your post relatively quickly, so I only spent about a half hour on this.

Awesome, many thanks for this - just hit the same issue migrating from Core 3.1 to .Net 6 where upgraded the Microsoft.Data.SqlClient package at the same time!

Just bumped into this problem after migrating from System.Data.SqlClient to Microsoft.Data.SqlClient. Thanks Rick!

that made all my dependent tests suddenly to fail, when everything was building... doh... thanks for the post, a lifesaver 😉

I hadn't come across your posts in a while, but this issue totally hit me today and my first reaction was "OH THAT GUY!" - thanks as always.

Hey Rick! Been wondering for past 30 minutes what might be wrong with my connection. I even tested my previous projects and connection worked all fine. Despite setting up everything as per my previous projects the connection open method always failed until I found your solution.

Thanks for this!

Just got hit by this one while migrating a project from System.Data.SqlClient to Microsoft.Data.SqlClient. I'm fine with the change to the default but that error message could be a lot better. Instead of throwing a certificate exception, SqlClient should be aware that since the server returned to certificate and the connection string expects encryption, that the mismatch is the issue, not the (non-existent) remote certificate.

Year 2023: I upgraded a project from ".NET Core 3.1" to ".NET 6". Some nuget packages had to be updated too; one of them was "Microsoft.Data.SqlClient". I got the above error, another gray hair, and gladly found your solution.

Year 2024: I am upgrading a project from ".NET Core 3.1" to ".NET 8". Some nuget packages had to be updated too; one of them was "Microsoft.Data.SqlClient". I get the above error, another gray hair, and gladly found your solution, again.

Thank you for your blog post! And see you next year in 2025. xD