Information

Title	SQL DataServer connection fails after changing to TLSv1.2

URL Name	sql-dataserver-connection-fails-after-change-to-tlsv1-2

Article Number	000114383

Environment	Product: OpenEdge Version: All supported versions OS: Windows Other: Microsoft SQL Server ODBC driver, DataServer for Microsoft SQL Server, Pro2SQL

Question/Problem Description

SQL DataServer connection fails after changing to TLSv1.2.

Pro2 fails after changing to TLS v1.2.

DataServer connection to Microsoft SQL Server via the SQL Server ODBC driver fails with errors.

Test Connect with the SQL Server ODBC driver fails with errors.

08001: [Microsoft][ODBC SQL Server Driver][Shared Memory]SSL Security error
01000: [Microsoft][ODBC SQL Server Driver][Shared Memory]ConnectionOpen (SECCreateCredentials()).
Failed to connect to the MSS database. (6142)

Dataserv.lg reflects the same errors:

MSS -- Login to dataserver db as user oech1::2333. (2689)
MSS -- SQLState: 08003
MSS -- Native Error Code: 0
MSS -- Error Message: [Microsoft][ODBC Driver Manager] Connection not open (15044)
MSS -- SQLState: 08001
MSS -- Native Error Code: 18
MSS -- Error Message: [Microsoft][ODBC SQL Server Driver][DBMSLPCN]SSL Security error (15044)
MSS -- SQLState: 01000
MSS -- Native Error Code: 1
MSS -- Error Message: [Microsoft][ODBC SQL Server Driver][DBMSLPCN]ConnectionOpen (SECCreateCredentials()). (15044)
MSS -- Logoff from dataserver db as user oech1::2333. (2690)

SSLv3, TLSv1 and TLSv1.1 have been disabled on the server.

TLSv1.2 is enabled.

Problem does not occur when using the SQL Server Native Client driver.

Problem does not occur when using the OpenEdge Wire Protocol Driver for MS SQL Server.

Steps to Reproduce

Clarifying Information

Using the SQL Server ODBC driver (SQLSRV32.DLL) to make the connection to SQL Server.

Error Message	08001: [Microsoft][ODBC SQL Server Driver][Shared Memory]SSL Security error 01000: [Microsoft][ODBC SQL Server Driver][Shared Memory]ConnectionOpen (SECCreateCredentials()). Failed to connect to the MSS database. (6142)

Defect Number

Enhancement Number

Cause

This is expected behavior. The SQL Server ODBC driver (SQLSRV32.DLL) does not support TLS 1.2.

Resolution

Change to the other ODBC drivers with TLSv1.2 support that are certified for use with the DataServer:

OpenEdge 11.6 ODBC Wire Protocol Driver for MS SQL Server
OpenEdge <11.7 - 12.x> Wire Protocol Driver for MS SQL Server
SQL Server Native Client

Re-generate the schema holder against the new ODBC driver.

Workaround

Notes

TLS v1.1 and TLS v1.2 are supported from version 7.15 of the OpenEdge Wire Protocol Driver for MS SQL Server.
Versions of the OpenEdge Wire Protocol Driver for MS SQL Server shipped with 11.5.x and lower do not support TLS v1.1 and TLS v1.2.

Refer to the Microsoft article "TLS 1.2 support for Microsoft SQL Server" (link below) for more information about which SQL Server Native Client drivers support TLS v.1.2.
Refer to the OpenEdge Product Availability Guides to find information about which SQL Server Native Client drivers have been certified for use with DataServer for Microsoft SQL Server.

References to other documentation:

Progress article(s):
Support for TLS v1.1 and v1.2 in DataDirect Connect and Connect64 for ODBC drivers
Where is the OpenEdge Product Availability and Life Cycle Guide?

Microsoft article(s):
TLS 1.2 support for Microsoft SQL Server - https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server

Keyword Phrase

Last Modified Date	11/20/2020 6:55 AM