Does setting SChannel to TLS1.2 force SQL database engine to communicate on TLS1.2 as well

curious7 151 Reputation points
2022-10-05T03:36:09.853+00:00

After we have enabled TLS 1.2 as a protocol for SChannel at the operating system level, does that force SQL engine/instance to start communicating with TLS 1.2 as well?

Or you still have to follow procedure below to force TLS 1.2 for SQL: 

In SQL Server Configuration Manager, expand SQL Server Network Configuration, right-click Protocols for <server instance>, and then select Properties.  

In the Protocols for <instance name> Properties dialog box, on the Certificate tab, select the desired certificate from the drop-down for the Certificate box, and then select OK.  

On the Flags tab, in the ForceEncryption box, select Yes, and then select OK to close the dialog box.  

Restart the SQL Server service.
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,690 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,113 questions
0 comments
Accepted answer
  1. Limitless Technology 39,351 Reputation points
    2022-10-06T09:35:34.207+00:00

    Hello,

    Yes, this will be needed as the platform OS will "offer" the possibility of TLS1.2 to the applications but it will not enforce it. Setting it up and configuring it for SQL will force the usage of that protocol. if not SQL will know that is there but would lack also the settings to actually use it.

    ---------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. PandaPan-MSFT 1,901 Reputation points
    2022-10-05T06:13:58.69+00:00

    Hi @curious7
    I think that it depends on your version of SQL Server. The versions below are not default to use TLS1.2:

    1.SQL Server 2012 SP2 CU10

    2.SQL Server 2012 SP2 GDR

    3.SQL Server 2012 SP1 CU3

    4.SQL Server 2012 SP3 GDR

    5.SQL Server 2014 RTM GDR

    6.SQL Server 2014 RTM CU12

    7,SQL Server 2014 SP1 GDR

    8.SQL Server 2014 SP1 CU5

    And for more information you can check this official link : https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

    0 comments
  2. PandaPan-MSFT 1,901 Reputation points
    2022-10-06T06:09:59.84+00:00

    Hi @curious7 ,
    We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.

    0 comments