This project has moved. For the latest updates, please go here.

Previous Setup No TCP Offload Manual Install Setup No SSL v3 Next

Setup TLS 1.2

FineBuild can enable Transport Layer Security v1.2 (TLS 1.2). TLS 1.2 allows encyption of data between the host and the client, which can significantly improve security.

Security Compliance

Setup TLS 1.2 configuration helps to reduce the network surface area available for attack. If you install SQL 2008 or above and setup Security Compliance then Setup TLS 1.2 configuration will always be implemented. TLS 1.2 is not available for SQL 2005.

FineBuild Setup TLS 1.2

Processing of Setup TLS 1.2 relates to Process Id 1DG in the FineBuild1Preparation script, and is controlled by the parameters below:
Install Parameter Build SQL Version Value
SetupTLS12 Any SQL2005 N/A
SetupTLS12 FULL SQL2008 and above Yes
SetupTLS12 CLIENT SQL2008 and above Yes
SetupTLS12 WORKSTATION SQL2008 and above Yes

Top

Manual Setup TLS 1.2

The following steps show what you would have to do to setup Setup TLS 1.2 manually. FineBuild does all of this work for you automatically.

Do not attempt to setup TLS 1.2 if you are installing SQL 2005 or below, as this will prevent clients from connecting to SQL Server.

1) Open the Registry Editor by Start -> Run and type regedit
RegeditCmd.png
2) Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. If the registry key does not exist then create it.
PathClient.png
3) Set the value of the DWORD item DisabledByDefault to 0 (zero). If it does not exist then create it
default.png
4) Set the value of the DWORD item Enabled to 1. If it does not exist then create it
enable.png
5) Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. If the registry key does not exist then create it.
PathServer.png
6) Set the value of the DWORD item DisabledByDefault to 0 (zero) and set the DWORD item Enabled to 1. If either value does not exist then create it

Copyright FineBuild Team © 2016. License and Acknowledgements
Previous Setup No TCP Offload Top Setup No SSL v3 Next

Last edited Nov 11, 2016 at 11:47 AM by EdVassie, version 2