Transport Layer Security (TLS), and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. We recommend that you upgrade to the latest TLS 1.2 for secure communication.
If you are planning to increase your Microsoft SQL Server security by enabling or updating the TLS protocol, please note that JungleMail is compatible with TLS 1.0, TLS 1.1 and TLS 1.2 out-of-the-box. No connection strings or other modifications are necessary.
We recommend reading this article on how to update and configure your environments (server – SQL, client – SharePoint/.NET Framework) to support TLS 1.1 and TLS 1.2.
To analyze client-server communication performance over TLS, we ran many tests on our SharePoint 2016 and SharePoint 2013 environments. In the tests, we used Registry Editor on the SQL and SharePoint servers to disable and enable specific TLS versions. You can read more about TLS/SSL settings here.
SharePoint 2016 environment
- Windows Server 2012 R2
- SQL Server 2014 SP2 version 12.0.5207.0 (Force Encryption = Yes)
- SharePoint 2016 version 16.0.4732.1000
- Almost all Windows updates are installed.
Result: no issues with either the TLS 1.2-only or the TLS 1.1 and TLS 1.2 configuration.
SharePoint 2013 environment
- Windows Server 2012
- SQL Server 2008 R2 SP3 10.50.6000.34(?) (Force Encryption = Yes)
- SharePoint 2013 version 15.0.5049.1000
- All Windows updates are installed.
Results: the SQL service does not start when TLS 1.0 is disabled. We had to install the TLS 1.2 hotfix for SQL Server to make it work with TLS 1.1 or TLS 1.2. The SQL version is now 10.50.6542, and everything works fine with both the TLS 1.2-only and the TLS 1.1 and TLS 1.2 configurations.
Incompatible TLS version simulation
If we enable incompatible versions on SQL server (TLS 1.2 only) and SharePoint server (TLS 1.2 disabled), SharePoint itself stops working. It is unable to connect to the SQL server, producing the following error:
“This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products.”
“A connection was successfully established with the server, but then an error occurred during the login process.”
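The registry-based setup used in the tests and the mismatch simulated above can be checked with a script before any protocol is disabled. The following PowerShell is an added example, not part of the original article or of JungleMail; the function names are hypothetical, the sample data is constructed, and the SCHANNEL Protocols registry path is the standard Windows location rather than something the article states.

```powershell
# Added example: audit SCHANNEL TLS settings and check server/client overlap.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-TlsProtocolState {
    # Reads the local registry; run it on each server you want to compare.
    foreach ($protocol in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $props = Get-ItemProperty -Path "$base\$protocol\$role" -ErrorAction SilentlyContinue
            # A missing key or Enabled value means the OS default applies.
            $state = if ($null -eq $props -or $null -eq $props.Enabled) {
                'NotConfigured'
            } elseif ($props.Enabled -eq 0) {
                'Disabled'
            } else {
                'Enabled'
            }
            [pscustomobject]@{ Protocol = $protocol; Role = $role; State = $state }
        }
    }
}

function Get-TlsOverlap {
    # Protocols usable between the SQL host (Server role) and the SharePoint host (Client role).
    # Assumption: NotConfigured counts as enabled (OS default); verify per OS.
    param([object[]]$SqlState, [object[]]$SharePointState)
    $client = $SharePointState |
        Where-Object { $_.Role -eq 'Client' -and $_.State -ne 'Disabled' } |
        ForEach-Object { $_.Protocol }
    $SqlState |
        Where-Object { $_.Role -eq 'Server' -and $_.State -ne 'Disabled' } |
        Where-Object { $client -contains $_.Protocol } |
        ForEach-Object { $_.Protocol }
}

# Constructed sample reproducing the mismatch described above:
# SQL server allows TLS 1.2 only, SharePoint server has TLS 1.2 disabled.
$sql = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2' | ForEach-Object {
    $s = if ($_ -eq 'TLS 1.2') { 'Enabled' } else { 'Disabled' }
    [pscustomobject]@{ Protocol = $_; Role = 'Server'; State = $s }
}
$sp = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2' | ForEach-Object {
    $s = if ($_ -eq 'TLS 1.2') { 'Disabled' } else { 'Enabled' }
    [pscustomobject]@{ Protocol = $_; Role = 'Client'; State = $s }
}

$common = @(Get-TlsOverlap -SqlState $sql -SharePointState $sp)
if ($common.Count -eq 0) {
    Write-Warning 'No TLS version in common: SharePoint cannot log in to SQL Server.'
}
```

On real hosts, collect the output of `Get-TlsProtocolState` on the SQL server and on the SharePoint server and pass those in place of the constructed sample.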
Encrypt=True (not Encryption=True) is used on a client to force an encrypted connection to an SQL server. This option does not control the version of TLS.
You can set the Force Encryption flag on the SQL server to make all connections encrypted. In this case, you do not need to set Encrypt=True in connection strings, because the encryption is required by the server.
Read more about encrypting connections to SQL servers here.
You might also be interested in reading this discussion about forced encryption here.