I'm running SQL Server 2016 sp1 on a Windows Server 2012 r2 box. Supposedly, unlike earlier versions of SQL Server, SQL Server 2016 is compatible with TLS 1.2 right out of the box…. Right? Anyway, everything in my application works fine until I disable TLS 1.0 and 1.1, then I get this error:
Could not open data connection. Error:
[Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]SSL Security error
When I look at the SQL Server ODBC 11 drivers they only apply to SQL server 2014 or earlier releases. What gives? I'm unclear as to how to update ODBC to be TLS 1.1 & 1.2 compatible on SQL Server 2016 which isn't even supposed to have this problem (after all, TLS 1.0 vulnerability is retro 2016 at this point) ?
Doesn't make sense…what am I doing wrong? I'm using the standard SQL Server ODBC driver. Is that the problem? Perhaps I should be using the ODBC driver version 13 for SQL Server?
Best Answer
Ran into the same issue with SQL 2016 (though it was on a Server 2016 box). Couldn't find a fix via ODBC drivers but found a Symantec article where a Backup Exec agent was unable to connect to the DB with TLS 1.0 disabled.
The suggested fix is enabling FIPS on the SQL box, this fixed it in our case but I couldn't work out why. Here's some guidance on how to enable FIPS - with the caveat that it isn't recommended unless you need to comply with a regulatory or legislative directive. (I would provide links to articles that go into detail but apparently as I'm a newbie I only get to post two links. Googling "why you shouldn't enable FIPS" should get you the articles in question)