SQL Server and TLS 1.2

From Hostek.com Wiki
Jump to: navigation, search

Due to PCI DSS requirements, many sites and servers have disabled support for TLS versions older than 1.2. For servers that have MS SQL Server installed, this can cause failure for the SQL Server to start if the appropriate version and update are not installed.

SQL Server Versions Supporting TLS 1.2

These are the SQL Server version and update levels that will function with TLS 1.0 disabled.

Version Update Download Link
SQL 2012 SP2 Cumulative Update 10 https://www.microsoft.com/en-us/download/details.aspx?id=50731
SQL 2012 SP3 Cumulative Update 1 https://www.microsoft.com/en-us/download/details.aspx?id=50733
SQL 2014 RTM Cumulative Update 12 https://www.microsoft.com/en-us/download/details.aspx?id=51187
SQL 2014 SP1 Cumulative Update 5 https://www.microsoft.com/en-us/download/details.aspx?id=51186

Source: https://support.microsoft.com/en-us/kb/3052404

Applying Updates to SQL Server

You can apply the update to your SQL Server instance by downloading the installer from the appropriate link above and running it on the server with the SQL instance. The SQL Service will be stopped during update, and the update may require a reboot. Therefore, an update should only be applied during off-peak/maintenance hours for production environments.

SQL Server Clients Support TLS 1.2

After applying the update and removing support for TLS 1.0, all clients connecting to SQL Server remotely will need to support TLS 1.2. If you encounter any issues connecting remotely with SQL Management Studio, we recommend that on the remote PC that is having issues connecting, you update SQL Server Management Studio to match the version of SQL Server that was installed on the server and also install the latest .Net version (download link: https://www.microsoft.com/en-us/download/details.aspx?id=49981).

NOTE: The same installer that was used to update the server can be used to update SQL Management Studio.


Davidd (talk) 14:12, 14 March 2016 (CDT)