TLS related with Windows 2019 & SQL Server 2019 ?

techresearch7777777 1,841 Reputation points
2022-09-14T01:40:01.417+00:00

Hello, sorry am confused.

My questions are how TLS corresponds within Windows Server 2019 on OS level & SQL Server 2019 installed on same VM.

Is TLS v1.0 & v1.1 disabled by default on both?

And TLS v1.2 is enabled by default on both?

What's the difference via the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols and TLS listed in Web Browser settings?

Is it correct to say in example TLS v1.2 is enabled on Windows level but not on SQL Server level it would not allow SQL DB connection and vice versa?

Thanks in advance.

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,648 questions
0 comments No comments
{count} votes

Accepted answer
  1. CathyJi-MSFT 21,786 Reputation points Microsoft Vendor
    2022-09-15T07:37:09.29+00:00

    Hi @techresearch7777777 ,

    > Windows Server 2019 currently TLS versions: 1.0 = Disabled, 1.1 = Disabled, 1.2 = Enabled Would a connection into SQL Server 2019 that's installed on same VM Windows Server 2019 mentioned above require only TLS v1.2 by default or would it allow all three (v1.0, v1.1, v1.2) from a remote client ?

    According to your description, SQL server require only TLS 1.2 in this situation.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments No comments

4 additional answers

Sort by: Most helpful
  1. CathyJi-MSFT 21,786 Reputation points Microsoft Vendor
    2022-09-14T03:00:21.277+00:00

    Hi @techresearch7777777 ,

    For the most part, protocol usage is controlled at three levels, the operating system level, the framework or platform level, and the application level. TLS 1.2 is enabled by default at the operating system level.

    > Is TLS v1.0 & v1.1 disabled by default on both?

    No, it is enabled by default. You need to disable it manually in registry.

    > And TLS v1.2 is enabled by default on both?

    Yes, you are right.

    The following tasks are needed for enabling TLS 1.2 on the site servers and remote site systems:

    •Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level
    •Update and configure the .NET Framework to support TLS 1.2
    •Update SQL Server and client components
    •Update Windows Server Update Services (WSUS)

    Suggest you reading below MS document to better understand TLS 1.2.

    How to enable TLS 1.2 on the site servers and remote site systems


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments No comments

  2. techresearch7777777 1,841 Reputation points
    2022-09-14T19:20:08.84+00:00

    Thanks bunch Cathyji-msft for your reply.

    Sorry still a bit foggy on this, guess to simplify my question situation as follows:

    • Windows Server 2019 currently TLS versions: 1.0 = Disabled, 1.1 = Disabled, 1.2 = Enabled

    Would a connection into SQL Server 2019 that's installed on same VM Windows Server 2019 mentioned above require only TLS v1.2 by default or would it allow all three (v1.0, v1.1, v1.2) from a remote client ?

    Hope all is well.

    0 comments No comments

  3. Tom Phillips 17,731 Reputation points
    2022-09-14T19:39:50.533+00:00
    0 comments No comments

  4. techresearch7777777 1,841 Reputation points
    2022-09-16T02:36:06.573+00:00

    Thanks much for all the replies and Cathyji-msft for helping me understand better in my current situation question.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.