ssl - Issue creating a connection to SQL Server 2014 with ODBC data source and TLS activated


I am trying to create / modify a system data source that an application needs in order to connect to our Microsoft SQL Express 2014 database through an ODBC data source. The connection used to work before we enabled SSL encryption of the flow, but now that we have an encrypted link, the connection does not work anymore.

Here are the details:

  • We run Microsoft SQL Server Express 2014 SP1 with the latest cumulative update (CU #3) (which is necessary to deactivate SSL 3.0 and TLS 1.0 and run TLS 1.1 and TLS 1.2).
  • The database instance is a named instance, configured to run over a TCP/IP connection on a fixed port.
  • We enabled the "Force Encryption" option and configured the certificate through "SQL Server Configuration Manager".
  • We can establish a connection to the database either using Management Studio or the SQL command line utility.
  • We disabled the usage of SSL/TLS versions prior to TLS 1.1; this is done through Microsoft Schannel. It required updating SQL Express 2014 SP1 to the latest cumulative update (CU #3).
  • The ODBC data source I try to configure (through the ODBC Data Source Administrator) is a "System DSN", uses the "SQL Server" driver and targets the exact same server name as the one working in Management Studio (and the server name corresponds to the machine FQDN as reflected in the certificate CN value).
  • The version indicated for the SQL Server ODBC driver is "Microsoft SQL Server ODBC Driver Version 06.03.9600".
  • I am testing the connection directly through the ODBC Data Source Administrator tool.
  • The first tests are run on the exact same machine as the one hosting the database server.

We get 2 consecutive error messages in the Microsoft SQL Server Login dialog:

connection failed: sqlstate : '01000' sql server error: 771 [microsoft][odbc sql server driver][tcp/ip  sockets]connectionopen(secdoclienthandshake()). connection failed: sqlstate : '08001' sql server error: 18 [microsoft][odbc sql server driver][tcp/ip sockets]ssl security error. 

I went through the literature but cannot find a solution.

Edit 27/01/2016 16:30

Following erg's suggestion, I tried to use the last MS SQL Server Native Client version (11.00.2100 on my system), but it still did not resolve the issue. I still experience the issue though (whether or not I force strong encryption on the client side, it results in the same error):

running connectivity tests...  attempting connection [microsoft][sql server native client 11.0]tcp provider: existing connection forcibly closed remote host.  [microsoft][sql server native client 11.0]client unable establish connection  tests failed! 

So, I got it working after struggling a little bit more.

First of all, it appears there is a CU available (CU4) for SQL Server Express 2014 SP1.

I did download and install it, but it did not resolve the problem: with TLS 1.0 and below deactivated, ODBC did not work.

Strangely, though, CU3 and the installation of .NET 4.6 allowed me to log in in Management Studio, but when I tried to execute an xp_readerrorlog query, it failed.

What did solve the issue was to follow Malthus's answer on a related Stack Overflow question https://dba.stackexchange.com/questions/93127/sql-server-service-won-t-start-after-disabling-tls-1-0-and-ssl-3-0 (3rd answer from the top).

I therefore activated the local security policy on the computer and managed to get the links to the SQL DB working.

Now, I got IIS working along with my own service and the client working.

BTW, if anyone needs a more user-friendly way of activating SSL/TLS version(s) and cryptographic algorithms on Windows, I stumbled upon a nice GUI application that does not require you to use regedit for it:

https://www.nartac.com/products/iiscrypto. It's free and I am not a Nartac Software employee, manager or shareholder.

I hope this helps!

Edit Feb 25, 2016

It looks like the latest cumulative update (CU5, available at https://support.microsoft.com/en-us/kb/3130926) removes the need to activate the FIPS option for system cryptography.

I discovered this since I had to deactivate FIPS to enable some required functionality while still relying on a TLS 1.2 connection. Indeed, it appears that activating the FIPS option for system cryptography prevents the .NET Framework from successfully making use of some system algorithms (such as SHA256Managed).

In addition, according to discussions seen around the web (i.e. http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx) it is not recommended to activate FIPS (except to strictly comply with governmental recommendations) since it breaks applications relying on non-FIPS validated implementations of cryptographic algorithms, which are provided in Microsoft system libraries.
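The thread above hinges on three Windows settings that are easy to lose track of: the per-protocol Schannel switches (SSL 3.0 / TLS 1.0 / 1.1 / 1.2, each for the Client and Server side), the FIPS policy flag that the accepted fix toggled, and the .NET strong-crypto flag that decides whether a .NET 4.x client such as an IIS-hosted service offers TLS 1.1/1.2 at all. The following PowerShell script is an added example, not code from the original post or from Microsoft; it reads those registry values and then opens an encrypted ODBC connection the way the DSN test does, so that a mismatch between client and server protocol lists shows up as the same handshake error the question reports. The server and driver names are placeholders, and the registry paths are assumed to be the documented Schannel, LSA and .NET locations.

```powershell
# Added example (not from the original post): audit the Schannel protocol switches,
# the FIPS policy flag and the .NET SchUseStrongCrypto flag, then test an encrypted
# ODBC connection. Assumed registry locations; run as administrator on the SQL host.
# Reading of the Schannel values: Enabled=0 turns a protocol off, DisabledByDefault=1
# keeps it off unless an application asks for it, and "not set" means the OS default.

$schannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-RegistryDword {
    # Returns the DWORD value, or $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-SchannelProtocolState {
    # One row per protocol and side with the two switches Schannel reads.
    foreach ($proto in $protocols) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $schannelRoot "$proto\$side"
            [pscustomobject]@{
                Protocol          = $proto
                Side              = $side
                Enabled           = Get-RegistryDword -Path $key -Name 'Enabled'
                DisabledByDefault = Get-RegistryDword -Path $key -Name 'DisabledByDefault'
            }
        }
    }
}

function Get-FipsPolicyState {
    # 1 = "System cryptography: Use FIPS compliant algorithms" policy is on.
    Get-RegistryDword -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -Name 'Enabled'
}

function Get-DotNetStrongCryptoState {
    # SchUseStrongCrypto=1 makes .NET 4.x clients offer TLS 1.1/1.2 instead of only TLS 1.0.
    foreach ($hive in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        [pscustomobject]@{
            Key                = $hive
            SchUseStrongCrypto = Get-RegistryDword -Path $hive -Name 'SchUseStrongCrypto'
        }
    }
}

function Test-EncryptedSqlConnection {
    # Opens an encrypted ODBC connection like the DSN "Test Data Source" button does.
    # $Server and $Driver are placeholders: use the FQDN that matches the certificate CN
    # and the driver name exactly as listed in the ODBC Data Source Administrator.
    param(
        [string]$Server = 'sqlhost.example.local\SQLEXPRESS',
        [string]$Driver = 'SQL Server Native Client 11.0'
    )
    $connStr = "Driver={$Driver};Server=$Server;Trusted_Connection=Yes;Encrypt=Yes;"
    $conn = New-Object System.Data.Odbc.OdbcConnection $connStr
    try {
        $conn.Open()
        return [pscustomobject]@{ Connected = $true; ServerVersion = $conn.ServerVersion; Error = $null }
    } catch {
        # A Schannel mismatch surfaces here as the "SSL Security error" / forcibly closed
        # connection text quoted in the question.
        return [pscustomobject]@{ Connected = $false; ServerVersion = $null; Error = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
"FIPS policy Enabled: $(Get-FipsPolicyState)"
Get-DotNetStrongCryptoState | Format-Table -AutoSize
Test-EncryptedSqlConnection | Format-List
```

Run it on the database host first and then on the client machine: the protocol table should leave at least one TLS version enabled on the server side of the host and on the client side of the machine running the DSN, and a FIPS value of 1 explains the SHA256Managed failures mentioned in the last edit. Keep the failure text from the connection test next to the two tables when comparing machines, since the error itself never says which protocol was refused.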

