MSSQLSERVER_33128
Applies to: 
SQL Server
Details
| Attribute | Value |
|---|---|
| Product Name | SQL Server |
| Event ID | 33128 |
| Event Source | MSSQLSERVER |
| Component | SQLEngine |
| Symbolic Name | SEC_DEPRECATED_ALGO |
| Message Text | Encryption failed. Key uses deprecated algorithm '%.*ls' which is no longer supported. |
Explanation
This message occurs when referencing the RC4 (or RC4_128) encryption algorithm. RC4 and RC4_128 are weak algorithms and are deprecated. Use a stronger algorithm such as one of the AES algorithms instead.
When the database compatibility level is 90 or 100, the operation succeeds, the deprecation event is raised, and the message appears only in the ring buffer.
When the database compatibility level is 110 or higher, decryption operations succeed, the deprecation event is raised, and the message appears only in the ring buffer. Encryption operations will fail, the deprecation event is raised, and the message is displayed for the user, and the message appears in the ring buffer.
Note
The ring buffer is an internal component which is not fully documented and is not intended to be used by customers. Messages from the ring buffer are useful when contacting Microsoft Customer Support. To view the ring buffer, query the sys.dm_os_ring_buffers dynamic management view.
| State | Description |
|---|---|
| 1 | A RC4 key is used in the built-in encryptbykey() function. Built-in function returns NULL. This message only appears in the ring buffer. |
| 2 | A RC4 key is used in by the built-in decryptbykey() function. This message only appears in the ring buffer. |
| 3 | A deprecated RC4 key is being encrypted by a symmetric key. Seen by users and in the ring buffer. Deprecated RC4 symmetric keys cannot be altered in compatibility level 110. Try to use non-RC4 keys for crypto operations. If necessary, set backward compatibility level to a 90 or 100. |
| 4 | A non-RC4 key is being encrypted by a deprecated RC4 symmetric key. Seen by users and in the ring buffer. Modify the application to use non-RC4 symmetric keys or set backward compatibility level to 90 or 100. |
| 5 | A deprecated RC4 key is being decrypted by a symmetric key. This message only appears in the ring buffer. |
| 6 | A non-RC4 key is being decrypted by an RC4 symmetric key. This message only appears in the ring buffer. |
| 7 | A RC4 symmetric key is being encrypted by the certificate. Seen by users and in the ring buffer. |
| 8 | A RC4 symmetric key is being decrypted by the certificate. This message only appears in the ring buffer. |
| 9 | A RC4 symmetric key is being encrypted by the EKM key. |
| 10 | A RC4 symmetric key is being decrypted by the EKM key. This message only appears in the ring buffer. |
User Action
Use a stronger algorithm such as one of the AES algorithms instead. (Recommended)
Use ALTER DATABASE SET COMPATIBILITY_LEVEL to set the database to compatibility level 100. (Not recommended.)