TLS 1.0 is very old and mouldy. Sometimes things go wrong in the software world, because you don't do anything. You would need to upgrade the VM and the app , so that it uses TLS 1.2.
SQL based application errors out when trying to access SQL over network
I have a legacy SQL-based app running within a VM. When it tries to access SQL server (using SQL authentication), the following message appears in the Event Viewer on the SQL server machine (Windows 11): "An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed. The SSPI client process is sqlservr". The application within the VM worked fine when the SQL Server was on a Windows 10 machine, but broke when I moved SQL Server to Windows 11. Pulling out my hair trying to figure out what went wrong.
3 answers
Sort by: Most helpful
-
-
AniyaTang-MSFT 12,421 Reputation points Microsoft Vendor
2023-04-28T03:15:07.3666667+00:00 Hi @RamyA
You can check if your Windows 11 has TLS 1.0 enabled.
I agree with Erland's suggestion. Earlier versions of TLS may have some vulnerabilities, and it may be better to use a new version of TLS.
Best regards,
Aniya
-
Limitless Technology 44,121 Reputation points
2023-04-28T14:43:04.1933333+00:00 Hello,
I imagine that you have already checked the TLS1.0 enablement in Windows 11, so I propose an alternative path of investigation that can be useful.
The answer most likely is updating your Cipher Suite, Windows 22H2 changed the default TLS Cipher Suites. The following were removed from the default "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA" per article https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-11
I ran into the same issue, so I just updated the SSL Cipher Suite per instructions https://support.microsoft.com/en-us/topic/update-to-add-new-cipher-suites-to-internet-explorer-and-microsoft-edge-in-windows-548427db-ed06-5521-fe8b-d525ab573022. The list I used was the one that was used for Windows prior to the 22H2 (22621.819) update:
TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA,TLS_PSK_WITH_AES_256_GCM_SHA384,TLS_PSK_WITH_AES_128_GCM_SHA256,TLS_PSK_WITH_AES_256_CBC_SHA384,TLS_PSK_WITH_AES_128_CBC_SHA256,TLS_PSK_WITH_NULL_SHA384,TLS_PSK_WITH_NULL_SHA256
Additionally if you want to configure SQL to use more robust TLS 1.2, you can check the next article: https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe
--If the reply is helpful, please Upvote and Accept as answer--