Monday, 23 December 2019

How to enable TLS 1.2 in SQL Server?

TLS (Transport Layer Security) is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. TLS is just an updated, more secure version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up-to-date TLS certificates with the option of ECC, RSA or DSA encryption.

A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.

TLS provides you with the ability to encrypt connections between SQL Server and calling client applications. When a client requests an encrypted connection to a SQL Server configured for TLS, an initial handshake takes place to negotiate the cipher suite that will be used for further communication. Once agreed, SQL Server sends its TLS certificate to the client, which the client must then validate and trust against its copy of the Certification Authority (CA) certificate. Finally, provided the TLS certificate is trusted and it meets certain other requirements, a secure connection is established.

TLS Background:

It has been possible to secure communication channels since SQL Server 2000, and as cryptographic protocols have become more secure over time, it's good to see that Microsoft has continued to ensure that the product hasn't been left behind. In January 2016, Microsoft announced support for TLS 1.2 encryption for SQL Server 2008, 2008 R2, 2012 and 2014. That announcement has since been updated to include support for SQL Server 2016 and 2017. Previously, Microsoft only supported SSL encryption in SQL Server; however, given the series of reported vulnerabilities against SSL, Microsoft now recommends that you move to TLS 1.2 since it is more secure for establishing the connection.

SQL Server can use Transport Layer Security (TLS) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. The TLS encryption is performed within the protocol layer and is available to all supported SQL Server clients. The level of encryption used by TLS, 40-bit or 128-bit, depends on the version of the Microsoft Windows operating system that is running on the application and database computers.

To enable TLS 1.2, apply the following changes in the system registry under this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

TLS 1.0
    Client
        DisabledByDefault - 1
        Enabled           - 0
    Server
        DisabledByDefault - 1
        Enabled           - 0
TLS 1.1
    Client
        DisabledByDefault - 1
        Enabled           - 0
    Server
        DisabledByDefault - 1
        Enabled           - 0
TLS 1.2
    Client
        DisabledByDefault - 0
        Enabled           - 1
    Server
        DisabledByDefault - 0
        Enabled           - 1
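
The registry values listed above can be audited, and optionally written, with a short script. This PowerShell is an added example, not part of the original post; the -Apply switch and the variable names are made up for the illustration, and it assumes an elevated session on the SQL Server host.

```powershell
# Added example: audit, and optionally apply, the SCHANNEL protocol values
# listed in the post. Run from an elevated PowerShell prompt.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired state taken from the post: TLS 1.0 and 1.1 off, TLS 1.2 on.
$desired = [ordered]@{
    'TLS 1.0' = @{ DisabledByDefault = 1; Enabled = 0 }
    'TLS 1.1' = @{ DisabledByDefault = 1; Enabled = 0 }
    'TLS 1.2' = @{ DisabledByDefault = 0; Enabled = 1 }
}

$report = foreach ($protocol in $desired.Keys) {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $protocol) $role
        foreach ($name in 'DisabledByDefault', 'Enabled') {
            $want = $desired[$protocol][$name]
            # A missing key or value means Windows falls back to its OS default.
            $have = $null
            if (Test-Path $key) {
                $have = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            }
            if ($Apply -and $have -ne $want) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name $name -Value $want -PropertyType DWord -Force | Out-Null
                $have = $want
            }
            [pscustomobject]@{
                Protocol = $protocol; Role = $role; Value = $name
                Current  = if ($null -eq $have) { '(not set)' } else { $have }
                Desired  = $want
                Match    = ($have -eq $want)
            }
        }
    }
}

$report | Format-Table -AutoSize
if ($report.Match -contains $false) {
    Write-Warning 'SCHANNEL settings differ from the values in the post.'
} elseif ($Apply) {
    Write-Host 'Values are in place; restart the server so SCHANNEL picks them up.'
}
```

Without -Apply the script only reports the current state. Before turning off TLS 1.0 and 1.1, confirm that the SQL Server build and the client drivers already support TLS 1.2, otherwise encrypted connections will fail.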

