Sql-server – Which TLS protocol and ciphers are supported by SQL Server 2005

sql serversql-server-2005

What is the latest TLS protocol (TLS 1.0 or TLS 1.1) to be used in SQL Server 2005? Also what ciphers are supported?

Best Answer

(Note: extended support for SQL Server 2005 ended on April 12, 2016.)

From this Microsoft support page:

Will SQL Server 2005 be supported for TLS 1.2?

TLS 1.2 support is offered only for SQL Server 2008 and later versions.

From this SQL Protocols blog entry, for SQL 2000 and 2005:

The currently recognised protocols are, from highest to lowest: TLS1.1, TLS1.0, SSL3.0, SSL2.0.

and

[The] cipher suite to use is negotiated by SSL/TLS and depends upon the cipher suites supported by the OS on the client and the server.

Related Solutions

Sql-server – Classic ASP Connection to SQL Server 2014 without TLS 1.0 using ADODB.Connection

You might possibly be trying to use 32 bit legacy drivers.

Try running C:\Windows\SysWOW64\odbcad32.exe to create a DSN that connects to your SQL Server database using the 32 bit SQL Server driver. First test the connectivity using the GUI.

Then try specifying your DSN in your connection string like so:

DSN=myDsn;Uid=myUsername;Pwd=;

The 64-bit version is located in: C:\Windows\System32\odbcad32.exe

P.S. I've not tried this but the provider name for the 32-bit SQL Server is actually "SQL Server". It'd be nice if all you had to do was replace SQLNCLI11 with SQL Server. Here's my file DSN I created with the 32 bit version--notice the driver...

[ODBC]
DRIVER=SQL Server
UID=sa
WSID=P13-0000
APP=Microsoft® Windows® Operating System
SERVER=mcdba1

SQL Server CLR Method Failing Due to TLS 1.0 Shutdown

If you are still getting that error then it is possible that the requirement for the connection is actually TLS 1.2 and not 1.1, and 1.2 does not become the default until .NET Framework version 4.6. So, you can either try to compile with a target framework version of 4.6, or you can force the TLS version to use 1.2 (or support both 1.1 and 1.2) by setting the SecurityProtocol property of the ServicePointManager class. There are enum values for:

SecurityProtocolType.Tls12
SecurityProtocolType.Tls11

However, depending on which version of the .NET Framework you are using, those values might not yet have been added to the enum. But that won't matter since you can just specify the numerical value that the enum value translates to:

(SecurityProtocolType)3072 for TLS 1.2
(SecurityProtocolType)768 for TLS 1.1

It appears that there might also be a registry setting to force the TLS version if your code is not overriding via setting ServicePointManager.SecurityProtocol.

I think for my SQL# project I used a static class constructor for the main class that contains the SQLCLR methods that sets ServicePointManager.SecurityProtocol once upon being loaded. And the enum is a "HasFlags" enum, so you can specify multiple versions, such as:

ServicePointManager.SecurityProtocol =
    SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

or possibly:

ServicePointManager.SecurityProtocol =
    SecurityProtocolType.Tls11 | (SecurityProtocolType)3072;

Please also see: