Sql Server 2016: Enable TLS 1.2 for SQL Server Connection

I have SQL Server 2016 running on Windows 2012 R2. I applied the patch for TLSv1.2 support (https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server) and rebooted the VM. I do see TLS 1.2 being enabled using the IISCrypto tool on the SQL Server VM.

We have a Java 8 web application and we've forced it to use only TLS 1.2 using the JVM argument -Djdk.tls.client.protocols="TLSv1.2" (if I remove this JVM argument the application connects to SQL Server fine), but we are seeing the error below even though TLSv1.2 is enabled for SQL Server:

org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client.". ClientConnectionId:7564b6a1-60c0-4a24-8baa-7bd21f9512cf)  

We also have a .NET 2.0 Windows service (only TLSv1.2 is enabled in the registry) which is also failing to connect to SQL Server 2016:

System.Data.OleDb.OleDbException: [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.
at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr, OleDbConnection connection)
at System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.OleDb.OleDbConnection.Open()

But if I enable SSL 3.0 and TLS 1.0 in the registry, the .NET 2.0 Windows service connects to SQL Server 2016 fine.

I suspect the issue is that SQL Server is not using TLSv1.2 even though TLSv1.2 is enabled on the SQL Server VM. Can someone please help me with whether any more config or patches need to be applied for SQL Server to support TLSv1.2?

RanPaul asked Feb 16 '18 20:02



1 Answer

Microsoft Windows Server stores information about different security-enhanced channel protocols that Windows Server supports. This information is stored in the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Typically, this key contains the following subkeys:

PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0 ...

Each key holds information about the protocol for the key. Any one of these protocols can be enabled at the server. To do this, you create a new DWORD value in the Server subkey of the protocol. You set the DWORD value to "1".

Important: Back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

To enable the TLS 1.x protocol, follow these steps:

Click Start, click Run, type regedt32 or type regedit, and then click OK. In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.x\Server

On the Edit menu, click Add Value. In the Data Type list, click DWORD. In the Value Name box, type Enabled, and then click OK.

Note: If this value is present, double-click the value to edit its current value.

Type 11111111 in Binary Editor to set the value of the new key equal to "1". Click OK. Restart the computer.

Hope this helps...

Murat Yıldız answered Sep 19 '22 10:09
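The registry procedure in the answer above, written out as a PowerShell script so it can be audited and repeated on every SQL Server host. This is an added example, not code from the original post or from Microsoft: it backs up the SCHANNEL Protocols key (the answer's "Important" note), reports the current Enabled state of each protocol subkey for both the Server and Client roles, then creates the TLS 1.2 keys with Enabled=1. It also sets DisabledByDefault=0, a standard SCHANNEL value the answer does not mention, so the protocol is offered without the application having to request it. The backup path and the list of protocol names checked are assumptions; a reboot is still required afterwards.

```powershell
# Added example (not from the original post): back up, audit and enable TLS 1.2
# in SCHANNEL on a SQL Server host. Run from an elevated PowerShell prompt.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$backupFile = Join-Path $env:TEMP 'schannel-protocols-backup.reg'   # assumed backup location

function Backup-SchannelProtocols {
    # Export the whole Protocols key first so the change can be reverted.
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols' $backupFile /y | Out-Null
    Write-Host "Registry backup written to $backupFile"
}

function Get-SchannelProtocolState {
    # Report Enabled / DisabledByDefault for each protocol and role; absent keys
    # mean the OS default applies, which is what the question's symptom points at.
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Server', 'Client') {
            $path = Join-Path $base "$proto\$role"
            if (Test-Path $path) {
                $v = Get-ItemProperty -Path $path
                [pscustomobject]@{
                    Protocol          = $proto
                    Role              = $role
                    Enabled           = $v.Enabled
                    DisabledByDefault = $v.DisabledByDefault
                }
            }
            else {
                [pscustomobject]@{
                    Protocol          = $proto
                    Role              = $role
                    Enabled           = '(key absent)'
                    DisabledByDefault = '(key absent)'
                }
            }
        }
    }
}

function Enable-Tls12 {
    # Create TLS 1.2\Server and TLS 1.2\Client with Enabled=1 and DisabledByDefault=0.
    foreach ($role in 'Server', 'Client') {
        $path = Join-Path $base "TLS 1.2\$role"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name Enabled -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -Path $path -Name DisabledByDefault -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Backup-SchannelProtocols
Write-Host 'Before:'
Get-SchannelProtocolState | Format-Table -AutoSize
Enable-Tls12
Write-Host 'After (reboot required for SCHANNEL to apply the change):'
Get-SchannelProtocolState | Format-Table -AutoSize
```

Run the audit part on its own (call Get-SchannelProtocolState without Enable-Tls12) to confirm whether the TLS 1.2 Server key actually exists before assuming the server is offering it; an absent key is the most common reason a client pinned to TLS 1.2 sees the server negotiate TLS 1.0.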