November 5, 2021 at 7:54 pm
I'm trying to get 2 servers to communicate using TLS 1.2. On the calling web sever I have disabled TLS 1.0 and TLS 1.1 - leaving TLS 1.2 enabled. On the SQL Server TLS 1.0, 1.1 and 1.2 are all enabled. I have installed MSOLEDBSQL driver on both servers. The database server is running SQL Server 2016 - which should be compatible with TLS 1.2. I also installed recent ODBC drivers.
But when I try testing it (for example using Data link) I get the DBNETLIB SSL Security error - this is clearly to do with TLS - because when I re-enable TLS 1.0 and 1.1 (and reboot) it works.
What else do I need to change?
November 6, 2021 at 8:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
November 10, 2021 at 7:27 am
I don't have a workaround for the data link sample.
But when using .Net applications you have to add the Tls12 to the security protocol:
Net.ServicePointManager.SecurityProtocol = Net.ServicePointManager.SecurityProtocol Or Net.SecurityProtocolType.Tls12
for SQL database mail you have to change registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
Patrick
Patrick SIMONS, MCP
November 12, 2021 at 1:31 pm
We recently went through this also. There are multiple places that need to be updated when moving to a TLS 1.2 and strong cipher architecture. Here are some articles that helped us.
Common issues when enabling TLS 1.2
SQL Server on TLS 1.2: Checklist to disabling TLS 1.1 and 1.0
How to enable TLS 1.2 on the site servers and remote site systems
SQL Server on TLS 1.2: XEvent session to catch TLS in use
Required SQL and OS patches for TLS 1.2
There are a bunch of other articles that may give more incite, but these should get you started.
Richard
Just learning about databases and Sql Server since 1998.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply