SSIS:Advisory:DQC for SSIS & TLS 1.2: Difference between revisions
Created page with "← SSIS:Data Quality Components {{CustomTOC}} When attempting to connect to a TLS 1.2 or higher web service using SSIS 2012 or 2014, you ..." |
m Admin moved page FAQ:SSIS:Enforce TLS 1.2 to FAQ:SSIS:Advisory:DQC for SSIS & TLS 1.2 |
(No difference)
|
Revision as of 22:54, 8 July 2020
← SSIS:Data Quality Components
When attempting to connect to a TLS 1.2 or higher web service using SSIS 2012 or 2014, you might encounter this error:
Error verifying service: The request was aborted: Could not create SSL/TLS secure channel.
SSIS 2012 and 2014 are set to default to use TLS 1.0, this could cause an issue when connecting to a web service that requires TLS 1.2 or higher.
Follow the instructions below to enforce TLS 1.2 in your environment.
- 1.
- For SQL 12
- Microsoft® SQL Server® 2012 SP3 Latest Cumulative Update
- https://www.microsoft.com/en-us/download/details.aspx?id=50733
- For SQL 14
- Microsoft® SQL Server® 2014 SP2 Latest Cumulative Update
- https://www.microsoft.com/en-us/download/details.aspx?id=53592
- If your machine already has the latest updates or is unable to install, continue to the next step.
2. Add new entry as Client to registry as instructed here
- To enable the TLS 1.2 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 1.
- If the TLS 1.2 entry is not found, skip to the next step.
3. In the Registry Editor, go to the directories mentioned below and add a Dword entry name SchUseStrongCrypto with a value of 1 for each directory
- SSIS 2012
- You can override the default behavior in following registry:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 Value: SchUseStrongCrypto Type: REG_DWORD Data: 1
- And
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319 Value: SchUseStrongCrypto Type: REG_DWORD Data: 1
- SSIS 2014
- Configure for strong cryptography
- https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client
For 32-bit applications that are running on 32-bit OSs and for 64-bit applications that are running on 64-bit OSs, update the following subkey values:
Registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
- Or
For 32-bit applications that are running on 64-bit OSs, update the following subkey values:
Registry [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
Restart the machine and open up your SSIS project and perform a Test Configuration to ensure you are connected successfully.
Add either of the 2 entries into the registry that apply to your environment.
SSIS will now successfully connect to TLS 1.2 web service.