Loading...

Course Content

Total learning: 21 lessons Time: 2 hours

SQL Server Configuration

The instructions provided here are to configure SQL Server 2016. For Microsoft SQL 2016, TLS is already enabled.

1. Enable TLS 1.2 to the registry if needed

1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run Note: You will be editing the registry.

This could have detrimental effects on your computer if done incorrectly, it is strongly advised you make a backup.

2. Browse to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

3. Right click on the Protocols folder and select New then Key from the drop-down menu. This will create new folder. Rename this folder to TLS 1.2.

4. Right click on the TLS 1.2 key and add two new keys underneath it.

5. Rename the two new keys as:

    • Client
    • Server

6. Right click on the Client key and select New and then DWORD (32-bit) Value from the drop-down list.

7. Rename the DWORD to DisabledByDefault.

8. Right-click the name DisabledByDefault and select Modify from the drop-down menu.

9. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click on OK.

10 . Create another DWORD for the Client key as you did in Step 6.

11. Rename this second DWORD to Enabled.

12. Right-click the name Enabled and select .. from the drop-down menu.

13. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.

14. Repeat steps 6 to 13 for the Server key (by creating two DWORDs, DisabledByDefault and Enabled, and their values underneath the Server key).

Registry values that are added or changed to enable TLS 1.2

2. Configure .NET to use strong cryptography to the registry if needed

By configuring .NET to use strong cryptography this enables TLS 1.2 for .NET applications. Even if .NET 4.7 is installed it must be configured to enable TLS 1.2.

1. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run Note: You will be editing the registry.

2. Browse to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

3. Right click on the 0.30319 key and select New and then DWORD (32-bit) Value from the drop-down list.

4. Rename the DWORD to SchUseStrongCrypto.

5. Right-click the name SchUseStrongCrypto and select Modify from the drop-down menu.

6. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.

7. Browse to the following registry key: HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319

8. Right click on the 0.30319 key and select New and then DWORD (32-bit) Value from the drop-down list.

9. Rename the DWORD to SchUseStrongCrypto.

10. Right-click the name SchUseStrongCrypto and select Modify from the drop-down menu.

11. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click on OK.

Registry values that are added or changed to enable .NET to use strong crypto

3. Reboot the SQL Server

Once your SQL server had been rebooted, TLS 1.2 will be enabled.

Was this Information helpful?