How to Resolve SSL Security Error- [DBNETLIB][ConnectionOpen(SECDoClientHandshake()).]

during my deplodeployment HWS in DeltaV system, after that originally SQL connection was failed to connect such as XLReport. for invesinvestigate we found detail     message is about TLS 1.0 and TLS 2.0 compacompatibility issue.

so, I anticipate that this article, would help as many people as possible.

 A Few words About TLS1.0 

TSL1.0 is considered a deprecated protocol ad it is not recommended anymore to be used to secure connection. that's why many orgnaizations transitioned or are in the process of transitioning to newer version of TLS such as TLS1.1 or above.

however, you may still encounter outdated applications that still need to use this protocol, even for a while for just perfoming a single operation. one such example, is to try and connect to a SQL Server instance via Microsoft OLE DB Driver for SQL Server using TLS 1.0.

How to Resolve

Registry Changes

The next step is, to edit the Windows Registry (always be careful when messing up with Windows Registry – only certified engineers should do that).

To enable TLS 1.0 in Windows

In Windows Registry, add the below dword keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

  • “Enabled”=dword:00000001
  • “DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

  • “Enabled”=dword:00000001
  • “DisabledByDefault”=dword:00000000

To disable TLS 1.0 in Windows

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

  • “Enabled”=dword:00000000
  • “DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

  • “Enabled”=dword:00000000
  • “DisabledByDefault”=dword:00000001

Learn more about the above registry changes in this MS Docs article.

Local Security Policy

The next step is to check the Local Security Policy on the database server.

So, in Local Security Policy on the Database Server, make sure that the setting “System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” is disabled.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值