SQL Issue enabling only TLS 1.2

  • Question

  • Hello,

    We attempted to enable only TLS 1.2 (disabling 1.0, 1.1, SSL 2 and 3) and, post changes/reboot, SQL would not start, giving an error of "Unable to initialize SSL support. The client and server cannot communicate, because they do not possess a common algorithm".

    • We are currently on SFB 2015 ver 6.0.9276 with plans to go to the latest CU once we get this sorted out but until then we had to roll back the TLS changes and re-enable 1.0. This allowed SQL to start up and the SFB services to then start as well.
    • These servers are edge pool and therefore have SQL and IIS on the same server running SQL Express 12.0.2000.8
    • Our Internal SQL Server is running 2012 ENT 11.0.2100.60

    According to this: http://blogs.sqlsentry.com/aaronbertrand/tls-1-2-support-read-first/

    SQL Server 2014 12.2 supports TLS 1.2 with the following: "You are on RTM or the RTM GDR path. For full support now, install the RTM GDR TLS 1.2 Update (12.0.2271). Though I would opt for Cumulative Update #12, and deploy that instead, especially if the encrypted endpoint issue above might affect you."

    As this is SQL express, I'm not sure if it's applicable or not.

    I had the following questions:

    • Has anyone here been able to make this change and only use TLS 1.2 on their Edge Pools?
    • Would these TLS 1.2 changes have to be enabled as well on the Internal FE Pool Servers to match/communicate?
    • Has anyone updated to CU 12 for SQL server express, and their internal SQL Ent server backend to attempt to resolve this issue?

    Thanks in advance for your help.

    • Edited by GJM777 Wednesday, July 13, 2016 1:49 PM
    Wednesday, July 13, 2016 1:29 PM


  • Just from here: https://blogs.msdn.microsoft.com/sqlreleaseservices/tls-1-2-support-for-sql-server-2008-2008-r2-2012-and-2014/ for SQL TLS 1.2 support

    Yes, it will change the behavior of internal communication.

    Thursday, July 14, 2016 10:28 PM
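
A read-only pre-flight check for the situation in the question, added here as an example and not taken from the thread or from Microsoft: it lists the server-side Schannel protocol state and compares each installed SQL Server instance's patched build with the 12.0.2271 build quoted above. The function names are hypothetical, and the script assumes the standard Schannel `Protocols` registry keys and the `PatchLevel` value under each instance's `Setup` key.

```powershell
# Added example (not from the thread): read-only pre-flight check for a host
# where TLS 1.0 is about to be disabled and SQL Server 2014 (12.0.x) is installed.
# 12.0.2271 is the RTM GDR TLS 1.2 update build quoted in the question.
$MinGdrBuild  = [version]'12.0.2271'
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$SqlRoot      = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# Hypothetical helper: server-side Schannel state for one protocol.
function Get-SchannelServerState {
    param([string]$Protocol)
    $p = Get-ItemProperty -Path "$SchannelRoot\$Protocol\Server" -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.Enabled) { return 'OS default' }
    if ($p.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

# Hypothetical helper: installed instances and their patched build, read from
# the registry so it works even when the SQL service cannot start.
function Get-SqlInstanceBuild {
    $names = Get-Item -Path "$SqlRoot\Instance Names\SQL" -ErrorAction SilentlyContinue
    if ($null -eq $names) { return }
    foreach ($instance in $names.GetValueNames()) {
        $id    = $names.GetValue($instance)
        $setup = Get-ItemProperty -Path "$SqlRoot\$id\Setup"
        [pscustomobject]@{
            Instance = $instance
            Edition  = $setup.Edition
            Build    = [version]$setup.PatchLevel
        }
    }
}

foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    '{0,-8} server side: {1}' -f $proto, (Get-SchannelServerState $proto)
}

foreach ($sql in Get-SqlInstanceBuild) {
    $label = "$($sql.Instance) ($($sql.Edition)) build $($sql.Build)"
    if ($sql.Build.Major -ne 12) {
        "$label : not a 12.0 build; check the TLS 1.2 update for its own version"
    } elseif ($sql.Build -lt $MinGdrBuild) {
        "$label : below $MinGdrBuild; leave TLS 1.0 enabled until it is patched"
    } else {
        "$label : at or above $MinGdrBuild; confirm the build for its servicing branch (GDR vs CU)"
    }
}
```

A build at or above 12.0.2271 is not proof of TLS 1.2 support on its own, because the quoted build applies to the RTM GDR path and the cumulative-update path carries the fix in a different build.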