Post reply

TLS 1.2 communication problem

  • November 5, 2021 at 7:54 pm

    #3948471

    I'm trying to get 2 servers to communicate using TLS 1.2. On the calling web sever I have disabled TLS 1.0 and TLS 1.1 - leaving TLS 1.2 enabled. On the SQL Server TLS 1.0, 1.1 and 1.2 are all enabled. I have installed MSOLEDBSQL driver on both servers. The database server is running SQL Server 2016 - which should be compatible with TLS 1.2. I also installed recent ODBC drivers.

    But when I try testing it (for example using Data link) I get the DBNETLIB SSL Security error - this is clearly to do with TLS - because when I re-enable TLS 1.0 and 1.1 (and reboot) it works.

    What else do I need to change?

  • November 6, 2021 at 8:10 pm

    #3948687

    Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • November 10, 2021 at 7:27 am

    #3949781

    I don't have a workaround for the data link sample.

    But when using .Net applications you have to add the Tls12 to the security protocol:

    Net.ServicePointManager.SecurityProtocol = Net.ServicePointManager.SecurityProtocol Or Net.SecurityProtocolType.Tls12

    for SQL database mail you have to change registry keys:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

    Patrick

     

    Patrick SIMONS, MCP

  • November 12, 2021 at 1:31 pm

    #3952389

    We recently went through this also. There are multiple places that need to be updated when moving to a TLS 1.2 and strong cipher architecture. Here are some articles that helped us.

    Common issues when enabling TLS 1.2

    SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0

    How to enable TLS 1.2 on the site servers and remote site systems

    SQL Server on TLS 1.2: XEvent session to catch TLS in use

    Required SQL and OS patches for TLS 1.2

    There are a bunch of other articles that may give more incite, but these should get you started.

    Richard

    Just learning about databases and Sql Server since 1998.

     

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply