TLS 1.2 communication problem

  • I'm trying to get 2 servers to communicate using TLS 1.2. On the calling web server I have disabled TLS 1.0 and TLS 1.1 - leaving TLS 1.2 enabled. On the SQL Server TLS 1.0, 1.1 and 1.2 are all enabled. I have installed MSOLEDBSQL driver on both servers. The database server is running SQL Server 2016 - which should be compatible with TLS 1.2. I also installed recent ODBC drivers.

    But when I try testing it (for example using Data link) I get the DBNETLIB SSL Security error - this is clearly to do with TLS - because when I re-enable TLS 1.0 and 1.1 (and reboot) it works.

    What else do I need to change?


  • I don't have a workaround for the data link sample.

    But when using .NET applications you have to add the Tls12 to the security protocol:

    Net.ServicePointManager.SecurityProtocol = Net.ServicePointManager.SecurityProtocol Or Net.SecurityProtocolType.Tls12

    For SQL database mail you have to change registry keys:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

    Patrick

     

    Patrick SIMONS, MCP
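
A read-only audit of the settings this thread turns on, given as an added example that is not part of any post above: it reports the SCHANNEL state for TLS 1.0, 1.1 and 1.2 and the two SchUseStrongCrypto values from the reply. The SCHANNEL key path is the standard Windows location and is an assumption here, since the thread does not quote it; Get-RegValue is a hypothetical helper name.

```powershell
# Added example: reads registry values only, changes nothing.
# SCHANNEL path: standard Windows location (assumption, not quoted in the thread).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# .NET Framework keys exactly as given in the reply above (64-bit and 32-bit views).
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (the OS default then applies).
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = @()
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key     = "$schannel\$proto\$role"
        $enabled = Get-RegValue -Path $key -Name 'Enabled'
        $dbd     = Get-RegValue -Path $key -Name 'DisabledByDefault'
        # Enabled is a DWORD: 0 disables the protocol, any non-zero value enables it.
        $state = if ($null -eq $enabled) { 'not set (OS default)' }
                 elseif ($enabled -eq 0) { 'disabled' }
                 else                    { 'enabled' }
        $report += [pscustomobject]@{
            Setting = "SCHANNEL $proto $role"
            State   = $state
            Detail  = "DisabledByDefault=$(if ($null -eq $dbd) { 'not set' } else { $dbd })"
        }
    }
}
foreach ($key in $netKeys) {
    $strong = Get-RegValue -Path $key -Name 'SchUseStrongCrypto'
    $report += [pscustomobject]@{
        Setting = 'SchUseStrongCrypto'
        State   = if ($null -eq $strong) { 'not set' } else { "$strong" }
        Detail  = $key
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it on both the web server and the SQL Server and compare the two tables; the Client rows describe outbound connections and the Server rows inbound ones.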

  • We recently went through this also. There are multiple places that need to be updated when moving to a TLS 1.2 and strong cipher architecture. Here are some articles that helped us.

    Common issues when enabling TLS 1.2

    SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0

    How to enable TLS 1.2 on the site servers and remote site systems

    SQL Server on TLS 1.2: XEvent session to catch TLS in use

    Required SQL and OS patches for TLS 1.2

    There are a bunch of other articles that may give more insight, but these should get you started.

    Richard

    Just learning about databases and Sql Server since 1998.
