Aug 01 2023 02:58 AM - edited Aug 01 2023 03:21 AM
We have SQL server 2014 (with sp3 installed) hosted on Windows Server 2012 R2.
Recently our client application upgraded to use OpenSSL 3.0.8 and we are restricting to use TLSv1.2 & TLSv1.3 only. Now our client application is not able to connect to SQL server via ODBC driver 17/18.
I tried enabling TLSv1.2 on SQL server 2014 including applying service pack3 (KB3135244), updating host OS, updating .NET on host OS, adding registry entries to Schannel, enabling group policy to use FIPS enabled ciphers, etc. Unfortunately none of these solved the issue.
I tried to diagnose the issue with openssl/sslscan utilities, but they are also not able to connect to the server on port 1433. Client waits for 'server hello' during handshake and timeout happens.
The Windows/system log shows the errors:
1. 36874 : An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2. 36888: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The windows schannel error state is 1205.
Note that, same client can connect to another instance of SQL server 2016 hosted on another server without any issue.
Could you please suggest what more configuration we are missing on SQL server 2014?