SSIS:Advisory:DQC for SSIS & TLS 1.2

From Melissa Data Wiki
Jump to navigation Jump to search

← SSIS:Data Quality Components


When attempting to connect to a TLS 1.2 or higher web service using SSIS 2012 or 2014, you might encounter this error:

Error verifying service: The request was aborted: Could not create SSL/TLS secure channel.

SSIS 2012 and 2014 are set to default to use TLS 1.0, this could cause an issue when connecting to a web service that requires TLS 1.2 or higher.

Follow the instructions below to enforce TLS 1.2 in your environment.

1.
For SQL 12
Microsoft® SQL Server® 2012 SP3 Latest Cumulative Update
https://www.microsoft.com/en-us/download/details.aspx?id=50733
For SQL 14
Microsoft® SQL Server® 2014 SP2 Latest Cumulative Update
https://www.microsoft.com/en-us/download/details.aspx?id=53592
If your machine already has the latest updates or is unable to install, continue to the next step.


2. Add new entry as Client to registry as instructed here

https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#tls-12
To enable the TLS 1.2 protocol, create an Enabled entry in either the Client or Server subkey as described in the following table. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 1.
If the TLS 1.2 entry is not found, skip to the next step.


3. In the Registry Editor, go to the directories mentioned below and add a Dword entry name SchUseStrongCrypto with a value of 1 for each directory

SSIS 2012
You can override the default behavior in following registry:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 
Value: SchUseStrongCrypto
Type: REG_DWORD
Data: 1
And
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319
Value: SchUseStrongCrypto
Type: REG_DWORD
Data: 1
SSIS 2014
Configure for strong cryptography
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client


For 32-bit applications that are running on 32-bit OSs and for 64-bit applications that are running on 64-bit OSs, update the following subkey values:

Registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
Or


For 32-bit applications that are running on 64-bit OSs, update the following subkey values:

Registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001


Restart the machine and open up your SSIS project and perform a Test Configuration to ensure you are connected successfully.

Add either of the 2 entries into the registry that apply to your environment.

SSIS will now successfully connect to TLS 1.2 web service.