How to determine that our SQL Build number 11.0.6540.0 Supports TLS 1.2 and does not require any SQL patch update

Sanjay Choudhari 1 Reputation point
2022-01-06T14:03:15.957+00:00

How to determine that our SQL Build number 11.0.6540.0 Supports TLS 1.2 and does not require any SQL patch update

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,684 questions
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. Olaf Helper 44,311 Reputation points
    2022-01-06T14:10:45.86+00:00

    Your SQL Server 2012 is on patch level SP3 + CU4
    https://sqlserverbuilds.blogspot.com/2012/01/sql-server-2012-versions.html

    so you don't need an further update for TLS 1.2
    https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

    But I would install latest SP4 + latest CU for more security.


  2. Tom Phillips 17,731 Reputation points
    2022-01-06T16:20:31.643+00:00

  3. Sanjay Choudhari 1 Reputation point
    2022-01-13T13:03:11.69+00:00

    Thank you for all your help on this subject.

    We updated Registry keys as per documentation, but still we were unable to send email from SQL DBmail. Below is the message recorded.

    "The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 3 (2022-01-13T00:23:22). Exception Message: Cannot send mails to mail server. (Failure sending mail.)."

    For verification we used the same email details to send test email from PowerShell Script (on same SQL DBmail server) and we were able to send emails from it.

    Not sure why we are not able to send it via SQL DBmail.


  4. Sanjay Kishan Choudhari 1 Reputation point
    2022-01-13T17:16:07.743+00:00

    We do have all the below registry keys and we have rebooted the server still no sucess.

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001 ==> Yes

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001 ==>Yes

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001 ==>yes

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001 ==> as as above Yes

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "DisabledByDefault"=dword:00000000 ==> Yes
    "Enabled"=dword:00000001 ==>Yes

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "DisabledByDefault"=dword:00000000 ==> yes
    "Enabled"=dword:00000001 ==> yes

    0 comments No comments

  5. Sanjay Kishan Choudhari 1 Reputation point
    2022-01-18T13:25:44.33+00:00

    We are unable to fix TLS 1.2 issue on our servers. We applied all the above steps notified.

    Just for our information we are on Windows Server 2012 R2 with .Net Framework 3.5 and SQL Build number 11.0.6540.0 (SQL 2012 R2).

    We get below error in Databasemail log

    "The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 3 (2022-01-13T00:23:22). Exception Message: Cannot send mails to mail server. (Failure sending mail.)."


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.