问题描述:

Our website is using .net framework 4.5. The website is connecting to an azure database with a connection string. When we disabled SSL3.0 and TLS 1.0 we get this error

Error: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

________________________________________

Source: .Net SqlClient Data Provider

I found some one who has a similar issue here: http://www.sqlservercentral.com/Forums/Topic1714941-2571-1.aspx#bm1718159

This was the reply from one of the other users, "In order to connect, you will have to upgrade to .NET4.6, since this is the one that supports the TLS1.1/1.2 for now. We are working towards adding support to older providers as well, but we do not have dates yet."

Doesn't 4.5 support TLS1.1/1.2 as they are configurable settings in the ServicePointManager?If it can then how can I make it work in . net 4.5?

网友答案:

Short Answer

Doesn't 4.5 support TLS1.1/1.2 as they are configurable settings in the ServicePointManager? If it can then how can I make it work in . net 4.5?

Yes. It does support TLS1.1/1.2 and you can make it work like this.

  1. Enable TLS 1.1 and TLS 1.2 on your web server/dev computer.
  2. Upgrade the Azure SQL Server.

Longer Answer

I replicated your error using .NET Framework 4.5 with this code block.

var builder = new SqlConnectionStringBuilder();
builder.DataSource = "tcp:" + serverName + ".database.windows.net,1433";
builder.InitialCatalog = databaseName;
builder.UserID = userId;
builder.Password = password;
builder.Encrypt = true;
builder.TrustServerCertificate = false;
builder.ConnectTimeout = 30;

var count = "";
var cmdText = "SELECT Count(*) FROM information_schema.columns";
using (var conn = new SqlConnection(builder.ConnectionString))
{
    conn.Open();
    using (var cmd = new SqlCommand(cmdText, conn))
    {
        count = cmd.ExecuteScalar().ToString();
    }
    conn.Close();
}
Console.WriteLine();
Console.WriteLine("The query returned {0} rows.", count);

As you experienced, the connection did NOT work after I disabled both SSL 3.0 and TLS 1.0 in Windows 10.

Enable TLS 1.1 and 1.2

What I needed to do was to enable the higher versions of TLS. Enabling TLS 1.1 and TLS 1.2 requires two steps:

  1. Edit the registry.
  2. Restart the computer.

There is a wonderful tool to edit those registry settings for you called IIS Crypto. Here is how it looks on my machine once only TLS 1.1 and 1.2 are enabled.

If you want to do it manually, you can read this KB article.

After editing the registry with IIS Crypto and restarting my computer, I tried again to connect to SQL Azure. The error had changed from what you originally received to the following:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The client and server cannot communicate, because they do not possess a common algorithm.)

The problem turned out to be that I was using the V2 version of SQL Azure.

Upgrade SQL Azure to V12

The V2 version of SQL Sever in Azure does not support the TLS 1.1 protocol. Once I upgraded to V12 all worked well. :)

相关阅读:
Top