当启用了多个TLS版本时,SQL Server如何选择使用TLS? [英] How does SQL Server pick TLS to use when there are more than one TLS versions are enabled?
问题描述
有人可以帮我理解当启用多个TLS版本时,SQL Server如何选择使用TLS吗?我有两个SQL Server实例位于两个不同的Windows Server 2012 R2上。简单来说,我们只需将其称为服务器A和
服务器B.
我可以在服务器A上使用SSMS连接服务器B上的SQL Server实例,但我无法在服务器B上使用SSMS连接服务器A上的SQL Server实例。尝试从服务器B连接服务器A实例时出现以下错误:
SQL中的错误消息服务器:
与服务器成功建立连接,但在登录过程中发生错误。 (提供者:SSL提供者,错误:0 - 客户端和服务器无法通信,因为它们没有通用算法。)(Microsoft SQL
服务器,错误:-2146893007)
Windows系统日志中的错误消息:
生成致命警报并将其发送到远程端点。这可能导致连接终止。 TLS协议定义的致命错误代码为70. Windows SChannel错误状态为105.
以下是两台服务器的详细信息:
服务器A:
SQL Server版本 - SQL Server 2012(SP3)11.0.6020.0
TLS 启用1.0,启用TLS 1.1,禁用TLS 1.2
服务器B:
SQL Server版本 - SQL Server 2016(SP1)13.0.4466.4
TLS 启用1.0,禁用TLS 1.1,启用TLS 1.2
这根据我的知识,问题让我感到困惑, 两个Windows服务器将选择任何TLS通用的相互通信,因为A和B都启用了TLS 1.0,连接时应该没有任何问题。
我能想到的唯一可能性是SQL Server正在选择使用不同的TLS导致问题。
如果有人能帮我理解这个问题是怎么发生的,我真的很感激。
谢谢!
Adam
您好Adam1209,
您能否告诉我们Windows Server和SSMS的版本?
通常,SQL Server 2016支持TLS 1.0到1.2,它不会导致此问题。您能否请安装此工具 https://www.nartac.com/Products/IISCrypto/Download 在sql
服务器机器和SSMS机器上,然后分享截图给我们进行分析?
最好的问候,
Teige
Hi, can someone please help me understand how SQL Server pick TLS to use when there are more than one TLS versions are enabled? I have two SQL Server instances sitting on two different Windows Server 2012 R2. To be simple, let's just call it Server A and Server B.
I'm able to use SSMS on Server A to connect SQL Server instance on Server B, but I'm not able to use SSMS on Server B to connect SQL Server instance on Server A. Getting below error when trying to connect Server A instance from Server B:
Error message in SQL Server:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The client and server cannot communicate, because they do not possess a common algorithm.) (Microsoft SQL Server, Error: -2146893007)
Error message in Windows System logs:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
Below are the details of two servers:
Server A:
SQL Server Version -- SQL Server 2012 (SP3) 11.0.6020.0
TLS 1.0 enabled, TLS 1.1 enabled, TLS 1.2 disabled
Server B:
SQL Server Version -- SQL Server 2016 (SP1) 13.0.4466.4
TLS 1.0 enabled, TLS 1.1 disabled, TLS 1.2 enabled
This issue is making me confused now, to my knowledge, two windows server will pick whatever TLS is in common to communicate with each other, since both A and B have TLS 1.0 enabled, there should not be any problem with connecting to each other.
The only possibility I can think of is SQL Server is picking different TLS to use so causing the issue.
I really appreciate if someone can help me to understand how this issue happened.
Thanks!
Adam
Hi Adam1209,
Could you please tell us the version of the Windows Server and SSMS?
Generally, SQL Server 2016 supports TLS 1.0 to 1.2, it will not cause this problem. Could you please install this tool https://www.nartac.com/Products/IISCrypto/Download both on sql server machine and SSMS machine, then share the screenshot to us for analysis?
Best Regards,
Teige
这篇关于当启用了多个TLS版本时,SQL Server如何选择使用TLS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
