
Enable TLS 1.2 communication for web application and database server calls

We have an application running on Windows 2012 R2 with the .NET 4.6 framework and SQL Server 2012 as the database. Due to security concerns we were asked to enable the TLS 1.2 protocol for the calls made between the application server and the database server and vice versa. I have followed the URL below and we have all patches installed. https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

Our front-end application doesn't directly call the database; instead we have a WCF service between the front-end application (ASP.NET) and SQL Server. I read in an article that we can achieve this without making changes to the code by changing the provider name to "SQLNCI11". When I change the provider name like below I get an error saying "Unable to find the requested .Net Framework Data Provider":

Data Source=servername;Initial Catalog=DBname;uid=XXX;pwd=XXXX;Connect Timeout=200;MultipleActiveResultSets=True;Current Language=us_english; providername="SQLNCI11"

I have verified machine.config and I don't find a DbProviderFactory for SQL Native Client. Am I missing anything here?

  1. As an alternative, without changing the provider name in the connection string, I have added Encrypt=true;TrustServerCertificate=true to the connection string: Data Source=servername;Initial Catalog=DBname;uid=XXX;pwd=XXXX;Connect Timeout=200;MultipleActiveResultSets=True;Current Language=us_english; Encrypt=true;TrustServerCertificate=true providername="System.Data.SqlClient"

After making the above changes in the connection string the database call was successful, and when I look at the Ethernet communication using the Wireshark tool, the database to WCF service communication is made with the TDS protocol and TLS is involved according to Wireshark. If I remove "Encrypt=true;TrustServerCertificate=true" from the connection string then I don't see the "TLS Exchange" message.


What steps do I need to take to ensure the application uses the TLS 1.2 protocol to communicate with the database? Also, please suggest how to prove this communication.

One year later, I wanted to assess the same thing - knowing exactly what TLS version is in use for my MS SQL traffic.

Actually, TLS is encapsulated in TDS when it comes to MS SQL traffic. You can see the TDS header (starting with 0x12, highlighted in yellow in the picture). After this header the TLS packets begin, and you can check the version by looking at the 2nd and 3rd TLS bytes.

In my example, 0x03 0x03 stands for TLS 1.2 (3rd version of the TLS protocol).

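The byte layout the answer describes (8-byte TDS header of type 0x12, then a TLS record whose 2nd and 3rd bytes are the version) can be checked mechanically instead of by eye. The following is an added example, not code from the original post: it parses PRELOGIN packets exported from a capture (for instance via Wireshark's "Copy as Hex Stream") and reports the version, with one caveat a reviewer would want: a ClientHello's record-layer version is commonly pinned to 3.1 for compatibility, so the version field inside the ServerHello is what proves TLS 1.2 was negotiated. The packet bytes below are constructed samples, not a real capture.

```python
import struct

TLS_VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}  # change_cipher_spec, alert, handshake, app data
HANDSHAKE_NAMES = {1: "ClientHello", 2: "ServerHello"}
TDS_PRELOGIN = 0x12  # TDS packet type carrying both the PRELOGIN options and the TLS handshake


def inspect_prelogin(payload: bytes) -> dict:
    """Classify one TDS PRELOGIN packet (8-byte TDS header + body).

    Returns {"tls": False} for the plaintext PRELOGIN option exchange that
    precedes the handshake, otherwise the record-layer version and, for a
    handshake record, the hello message type and the version field inside it.
    """
    if len(payload) < 8:
        raise ValueError("shorter than a TDS header")
    # TDS header: type(1) status(1) length(2, big-endian, includes header) spid(2) packet id(1) window(1)
    pkt_type, _status, length = struct.unpack(">BBH", payload[:4])
    if pkt_type != TDS_PRELOGIN:
        raise ValueError(f"TDS packet type 0x{pkt_type:02x} is not PRELOGIN")
    body = payload[8:length]
    if len(body) < 5 or body[0] not in TLS_RECORD_TYPES:
        return {"tls": False}  # plaintext PRELOGIN: option tokens (VERSION = 0x00, ENCRYPTION = 0x01, ...)
    content_type, major, minor, _rec_len = struct.unpack(">BBBH", body[:5])
    info = {"tls": True, "record_version": TLS_VERSIONS.get((major, minor), f"{major}.{minor}")}
    if content_type == 0x16 and len(body) >= 11:
        # Handshake header: msg_type(1) length(3); the hello's own version field follows.
        info["handshake"] = HANDSHAKE_NAMES.get(body[5], f"type {body[5]}")
        info["handshake_version"] = TLS_VERSIONS.get((body[9], body[10]), f"{body[9]}.{body[10]}")
    return info


def negotiated_version(packets):
    """Version the server actually chose: read from the ServerHello, not the record layer."""
    for packet in packets:
        info = inspect_prelogin(packet)
        if info.get("handshake") == "ServerHello":
            return info["handshake_version"]
    return None


# Constructed sample packets (placeholder 32-byte hello random, cipher suite 0xC02F).
RANDOM = bytes(range(32))
PLAIN_PRELOGIN = bytes.fromhex("1201001a00000100" "00000b0006" "0100110001" "ff" "0b000c380000" "01")
CLIENT_HELLO = bytes.fromhex("1201003a00000100" "1603010" "02d" "01000029" "0303") + RANDOM + bytes.fromhex("000002c02f0100")
SERVER_HELLO = bytes.fromhex("1201003700000100" "160303002a" "02000026" "0303") + RANDOM + bytes.fromhex("00c02f00")

if __name__ == "__main__":
    for pkt in (PLAIN_PRELOGIN, CLIENT_HELLO, SERVER_HELLO):
        print(inspect_prelogin(pkt))
    print("negotiated:", negotiated_version([PLAIN_PRELOGIN, CLIENT_HELLO, SERVER_HELLO]))
```

To run this against real traffic, export each PRELOGIN packet's TCP payload from the capture and pass the byte strings in capture order; a result of "TLS 1.2" from negotiated_version is the evidence the question asks for.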
