Connecting to SQL Server using TLS1.1/1.2

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
miles00001001
New user
New user
Posts: 2
Joined: 2017-03-30 11:59

Connecting to SQL Server using TLS1.1/1.2

Postby miles00001001 » 2017-03-30 12:06

Hi:

Using the latest SQL Server 2016. After getting a request to disable TLS 1.0 on the server stopped working. An error about SSL Security Error in DBNETLIB for the ODBC driver. After enabling TLS 1.0 in registry and rebooting everything works fine. I have even tried a mixture of setting the server to disabled and client to enabled. I'm able to connect and query through sql server management studio with the protocol disabled.

Is there a setting I can add to the ini or might this have a deeper issue in the code?

Thanks!

User avatar
mattg
Moderator
Moderator
Posts: 17596
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Connecting to SQL Server using TLS1.1/1.2

Postby mattg » 2017-03-30 12:28

I think deeper than the code even :?

Here is (I think) the relevant page in the source >> https://github.com/hmailserver/hmailser ... ection.cpp
Although that is for the SQLCE, I can't see any other connection strings for MS SQL Server

And issue #1 here >> https://blogs.msdn.microsoft.com/sqlrel ... -and-2014/ says that for TLSv1.2 you need dotNET framework 4.6
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

miles00001001
New user
New user
Posts: 2
Joined: 2017-03-30 11:59

Re: Connecting to SQL Server using TLS1.1/1.2

Postby miles00001001 » 2017-03-30 18:04

Looks like for regular SQL Server it uses the ADOConnection classes.

https://github.com/hmailserver/hmailserv.../ADOConnection.cpp. At line 87 it sets the provider to sqloledb, but to SQLNCLI (SQL Native Client) if the failover setting is used.

A cursory google search seems to indicate that sqloledb needs TLS1.0. Would be nice to have a setting in the database section of the ini to explicitly set the data provider.

User avatar
Dravion
Senior user
Senior user
Posts: 704
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Connecting to SQL Server using TLS1.1/1.2

Postby Dravion » 2017-03-30 23:47

MS-SQL Server EXPRESS/MSSQL Serverinstances
Can be configured using multiple protocols at the same time. Use the MMC Sql Server Snapin and the SQl Server Config Wizard to enable the desired protocol.

The Main SQL-Server protocol is listening on Port 1433 and can be accessed in native fashion via SQLNET Native client, Managed via ADO.NET Alternative is Named Pipes and DEC Protocol.

SQLServerManagementstudio connects as default via NamedPipes with MSSQL Instances and needs no TCP for localhost only connections.

Ps:
hMailServer is not ready for initiating TLS 1.x or higher connections by itself to MSSQL but maybe there are chances to configure the Native Client part on hMailServer Computer and the target SqlServer instance in a transparent fashion instead.
My experimental builds of hMailserver 32/64-Bit+Unicode
https://github.com/Dravion/hmailserver/releases

HMSInfo 32/64-Bit
https://github.com/Dravion/HMSInfo/releases


Return to “Development & alpha discussions”



Who is online

Users browsing this forum: No registered users and 2 guests

cron