Java – SQL Server 2016: enable TLS 1.2 for SQL server connections
I run SQL Server 2016 on Windows 2012 R2 and I apply tlsv1.0 2 and restarted the VM, https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server I did see TLS 1.2 enabled using the iiscrypto tool on the SQL Server VM
We have Java 8 web applications, and we force web applications to use only tls1 2. Use JVM parameter - djdk tls. client. Protocols = "tlsv1.2" (if I delete this JVM parameter, the application will be fined for connecting to SQL Server), but we see the following error, although tlsv1.2 is enabled for SQL server two
org.apache.commons.dbcp.sqlNestedException: Cannot create PoolableConnectionFactory (The driver Could not establish a secure connection to sql Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1,but that protocol version is not enabled or not supported by the client.". ClientConnectionId:7564b6a1-60c0-4a24-8baa-7bd21f9512cf)
We have another one Net 2.0 windows service (only tlsv1.2 is enabled in the registry), and it cannot connect to SQL Server 2016
System.Data.OleDb.OleDbException: [DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error. at System.Data.OleDb.OleDbConnectionInternal..ctor(OleDbConnectionString constr,OleDbConnection connection) at System.Data.OleDb.OleDbConnectionFactory.CreateConnection(DbConnectionOptions options,Object poolGroupProviderInfo,DbConnectionPool pool,DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection,DbConnectionPoolGroup poolGroup) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection,DbConnectionFactory connectionFactory) at System.Data.OleDb.OleDbConnection.open()
However, if I enable ssl3 and tls1 in the registry 0 Net 2.0 windows service can be well connected to SQL Server 2016
I suspect that the problem is that SQL server does not use tlsv1 2. Although tlsv1.0 is enabled on the SQL Server VM 2. If there are more configurations or patches that need to be applied to SQL server to support tlsv1 2. Can anyone help me?
Solution
Microsoft Windows server stores information about the different security enhanced channel protocols supported by windows server This information is stored in the following registry key:
Typically, this key contains the following children:
Each key contains information about the key protocol You can enable any of these protocols on the server To do this, you need to create a new DWORD value in the server subkey of the protocol You set the DWORD value to "1"
Important: back up the registry before modifying it You can then restore the registry if there is a problem
To enable TLS 1 X protocol, please perform the following steps:
Click start, click Run, type regedt32 or regedit, and then click OK In the registry editor, locate the following registry key:
On the edit menu, click add value In the data type list, click DWORD In the value name box, type enabled, and then click OK
Note if this value exists, double-click the value to edit its current value
Type 11111111 in the binary editor to set the value of the new key to "1" Click OK Restart the computer
I hope this can help