How to Resolve SSL Security Error- [DBNETLIB][ConnectionOpen(SECDoClientHandshake()).]

during my deplodeployment HWS in DeltaV system, after that originally SQL connection was failed to connect such as XLReport. for invesinvestigate we found detail     message is about TLS 1.0 and TLS 2.0 compacompatibility issue.

so, I anticipate that this article, would help as many people as possible.

 A Few words About TLS1.0 

TSL1.0 is considered a deprecated protocol ad it is not recommended anymore to be used to secure connection. that's why many orgnaizations transitioned or are in the process of transitioning to newer version of TLS such as TLS1.1 or above.

however, you may still encounter outdated applications that still need to use this protocol, even for a while for just perfoming a single operation. one such example, is to try and connect to a SQL Server instance via Microsoft OLE DB Driver for SQL Server using TLS 1.0.

How to Resolve

Registry Changes

The next step is, to edit the Windows Registry (* always be careful when messing up with Windows Registry – only certified engineers should do that).

To enable TLS 1.0 in Windows

In Windows Registry, add the below dword keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

• “Enabled”=dword:00000001
• “DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

• “Enabled”=dword:00000001
• “DisabledByDefault”=dword:00000000

To disable TLS 1.0 in Windows

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

• “Enabled”=dword:00000000
• “DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

• “Enabled”=dword:00000000
• “DisabledByDefault”=dword:00000001

Learn more about the above registry changes in this MS Docs article.

Local Security Policy

The next step is to check the Local Security Policy on the database server.

So, in Local Security Policy on the Database Server, make sure that the setting “System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” is disabled.