April 21, 2023 at 11:11 am
Hi,
Has anyone had any experience in changing Database Mail to use TLS 1.2... that would be enabling the checkbox to use SSL in the mail configuration.
I have added the registry settings as per a number of sources.
To clarify, do I need to restart the server, services or just Agent?
One source said Agent would be good enough, which I tried, but I have the situation now where one profile works and one doesn't (with the checkbox ticked), and even when I untick... the non-working profile still does not work??
The servers I am working on are quite big so I am reluctant to restart if I can avoid. Although if they need to then I will via some schedule.
Does anyone have a set procedure that they follow?
Many Thanks if you have any thoughts
Graeme
April 21, 2023 at 12:28 pm
Could you confirm which registry keys you have enabled?
Did you also enable the ones for .NET to be able to use strong cryptography? (Note: the .NET registry keys are only needed for SQL 2016 and below, due to a version of .NET in use for DBMail which doesn't natively support TLS 1.2.)
But yes, after enabling the needed registry keys for .NET you will need to restart the server for them to take effect.
April 21, 2023 at 12:49 pm
Hi
Thanks for that
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
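A read-only check of the values in the export above, as an added example that is not part of the original thread. The function name Test-TlsRegistryValues is hypothetical; the paths and values are the ones posted.

```powershell
# Added example: compare the local registry with the posted settings (read-only).
# Run from 64-bit PowerShell so the WOW6432Node paths are not redirected.
$netValues = @{ SystemDefaultTlsVersions = 1; SchUseStrongCrypto = 1 }
$tlsValues = @{ DisabledByDefault = 0; Enabled = 1 }

$expected = [ordered]@{}
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework') {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        $expected["$root\$ver"] = $netValues
    }
}
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    $expected["$schannel\$role"] = $tlsValues
}

# Hypothetical helper: emits one result object per expected value.
function Test-TlsRegistryValues {
    param([System.Collections.IDictionary]$Settings)
    foreach ($path in $Settings.Keys) {
        foreach ($name in $Settings[$path].Keys) {
            $want = $Settings[$path][$name]
            # A missing key or value yields $null instead of an error.
            $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
            $have = if ($item) { $item.$name } else { $null }
            [pscustomobject]@{
                Path     = $path
                Name     = $name
                Expected = $want
                Actual   = if ($null -eq $have) { '<missing>' } else { $have }
                Ok       = ($have -eq $want)   # $null never equals 0 or 1
            }
        }
    }
}

$results = Test-TlsRegistryValues -Settings $expected
$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) {
    Write-Warning 'One or more values differ from the posted settings.'
}
```

The script only reads the registry, so it cannot tell whether the machine has been restarted since the values were written.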
April 21, 2023 at 12:54 pm
Yeah that all looks good.
The .NET ones need a full OS restart to take effect though I am afraid.
April 21, 2023 at 1:01 pm
Hmmm... I feared that.
Thank you very much for the clarity and confirmation.
🙂
April 21, 2023 at 1:11 pm
Ok..
So I've managed to get the server restarted.
I've enabled the checkbox against the profile to send using SSL.
The mails no longer send.
For info, the emails worked before :(... on port 587.
Does anything else need to be changed off server, i.e. on the mail server??
Thanks
Graeme