Post reply

Workplace Encounter: Effects of TLS 1.2

  • January 2, 2019 at 11:46 pm

    #416597

    Comments posted to this topic are about the item Workplace Encounter: Effects of TLS 1.2

    Br. Kenneth Igiri
    https://kennethigiri.com
    All nations come to my light, all kings to the brightness of my rising

  • January 3, 2019 at 2:39 am

    #2017829

    Hi thanks for the article.

    What Windows & SQL Server version were you using?

  • January 3, 2019 at 3:39 am

    #2017833

    We are currently going through that pain at the moment. So I'd like to add to your list of issues for consideration

    Ensuring that the encryption certificate works for SQL, is in date and has a valid path - Requires Certificates plug-in for MMC
    Ensuring that the Server service account has read permissions on the encryption certificate - ditto
    Ensuring your users haven't over-written the compatible version of SQL Tools with an older, incompatible version or are just referencing one. - Check path variables and shortcut links
    Getting your users to track down all those connection strings in various spreadsheets/apps and updating them to use the right drivers
    Getting your BI Team to re-compile SSIS packages to be TLS 1.2 compatible
    Updating SSRS to use HTTPS port, configurating all your firewalls to allow that, and all your links to use it

    I have to add that creating an Extended Events session that tracks the trace event looking for function_name = SSL::Handshake helps a lot in later versions of SQL. Also having a test environment that models the infrastructure, not just individual VMs, systems or applications. Otherwise you'll find yourself testing in Production.

  • January 3, 2019 at 10:57 am

    #2017901

    I had trouble with IISCrypto. Instead, we used Set-Ciphers and DetectCipherConfig Powershell scripts developed by someone at Microsoft. We had a lot of machines to do and these really helped. It's tough to know all the downstream connections so even though we put out a communique on this, we had folks coming out of the woodwork with spreadsheet, ODBC, SSIS and SSRS connection issues. These got solved by updates on their end.

    Ken

  • January 3, 2019 at 2:56 pm

    #2017926

    Br. Kenneth Igiri - Wednesday, January 2, 2019 11:46 PM

    Comments posted to this topic are about the item Workplace Encounter: Effects of TLS 1.2

    Rob-1134588 - Thursday, January 3, 2019 2:39 AM

    Hi thanks for the article.

    What Windows & SQL Server version were you using?

    Windows 2012 R2, SQL Server 2016

    Br. Kenneth Igiri
    https://kennethigiri.com
    All nations come to my light, all kings to the brightness of my rising

  • January 3, 2019 at 2:58 pm

    #2017927

    gavin.harris 53577 - Thursday, January 3, 2019 3:39 AM

    We are currently going through that pain at the moment. So I'd like to add to your list of issues for consideration

    Ensuring that the encryption certificate works for SQL, is in date and has a valid path - Requires Certificates plug-in for MMC
    Ensuring that the Server service account has read permissions on the encryption certificate - ditto
    Ensuring your users haven't over-written the compatible version of SQL Tools with an older, incompatible version or are just referencing one. - Check path variables and shortcut links
    Getting your users to track down all those connection strings in various spreadsheets/apps and updating them to use the right drivers
    Getting your BI Team to re-compile SSIS packages to be TLS 1.2 compatible
    Updating SSRS to use HTTPS port, configurating all your firewalls to allow that, and all your links to use it

    I have to add that creating an Extended Events session that tracks the trace event looking for function_name = SSL::Handshake helps a lot in later versions of SQL. Also having a test environment that models the infrastructure, not just individual VMs, systems or applications. Otherwise you'll find yourself testing in Production.

    Very useful thanks a lot. Will definitely try out the Extended events event. And I do confirm at some point we experienced something like "Ensuring your users haven't over-written the compatible version of SQL Tools with an older, incompatible version or are just referencing one"

    Br. Kenneth Igiri
    https://kennethigiri.com
    All nations come to my light, all kings to the brightness of my rising

  • January 3, 2019 at 2:59 pm

    #2017928

    ken.trock - Thursday, January 3, 2019 10:57 AM

    I had trouble with IISCrypto. Instead, we used Set-Ciphers and DetectCipherConfig Powershell scripts developed by someone at Microsoft. We had a lot of machines to do and these really helped. It's tough to know all the downstream connections so even though we put out a communique on this, we had folks coming out of the woodwork with spreadsheet, ODBC, SSIS and SSRS connection issues. These got solved by updates on their end.

    Ken

    Thanks a lot Ken. Will keep in mind.

    Br. Kenneth Igiri
    https://kennethigiri.com
    All nations come to my light, all kings to the brightness of my rising

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply