I have an old CLR assembly that was using .Net 2 and when our TLS 1.0 connections were shut down for security reasons, the calls I was making out of the assembly (rest posts to https end point) we being returned with
The underlying connection was closed: An unexpected error occurred on a send. —> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
We figured we needed to upgrade the assembly to use .Net 4 (specifically 4.5.2) to get it to use TLS 1.1 which is still active. I upgraded the project and assembly but am still getting that message.
Is there something specific I need to do in SQL Server or in OS to force the TLS 1.1 connection?
Best Answer
If you are still getting that error then it is possible that the requirement for the connection is actually TLS 1.2 and not 1.1, and 1.2 does not become the default until .NET Framework version 4.6. So, you can either try to compile with a target framework version of 4.6, or you can force the TLS version to use 1.2 (or support both 1.1 and 1.2) by setting the
SecurityProtocol
property of theServicePointManager
class. There are enum values for:SecurityProtocolType.Tls12
SecurityProtocolType.Tls11
However, depending on which version of the .NET Framework you are using, those values might not yet have been added to the enum. But that won't matter since you can just specify the numerical value that the enum value translates to:
(SecurityProtocolType)3072
for TLS 1.2(SecurityProtocolType)768
for TLS 1.1It appears that there might also be a registry setting to force the TLS version if your code is not overriding via setting
ServicePointManager.SecurityProtocol
.I think for my SQL# project I used a static class constructor for the main class that contains the SQLCLR methods that sets
ServicePointManager.SecurityProtocol
once upon being loaded. And theenum
is a "HasFlags" enum, so you can specify multiple versions, such as:or possibly:
Please also see: