We are trying to make all our applications support TLS 1.2
encrypted communication - most clients seem to suddenly
be requiring it.
When connecting to SQL Server DBs we set:
provider to prDirect
Encrypt to TRUE
TrustServerCertificate to TRUE
This seems to do the job - BUT if pooling is turned on
(which we normally are indeed using)
we get an exception on connection:
"The certificate is not trusted by the trust provider."
Is this to be expected? Is there a trick to keep pooling
action with those other values set in this way?
thanks,
tonyM
TLS 1.2 + encrypt + prDirect + pooling
Re: TLS 1.2 + encrypt + prDirect + pooling
It might be that the TrustServerCertificate connection option isn't set to True in some of the TMSConnection instances.
Re: TLS 1.2 + encrypt + prDirect + pooling
With 'SQL Server Management Console' I can check 'Encrypt', add 'TrustServerCertificate=True' to the connection string and connect. This query returns true:
Code:
SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID
Code:
Con.SpecificOptions.Values['SQL Server.Provider'] := 'prNativeClient';
Con.SpecificOptions.Values['SQL Server.TrustServerCertificate'] := True.ToString;
Con.SpecificOptions.Values['SQL Server.Encrypt'] := True.ToString;
Code:
EMSError with message 'SSL Provider: The certificate chain was issued by an authority that is not trusted.
Code:
Con.SpecificOptions.Values['SQL Server.Provider'] := 'prNativeClient';
Con.SpecificOptions.Values['SQL Server.TrustServerCertificate'] := True.ToString;
Con.SpecificOptions.Values['SQL Server.Encrypt'] := True.ToString;
Con.Pooling := False;
Code:
SELECT encrypt_option FROM sys.dm_exec_connections WHERE session_id = @@SPID
Re: TLS 1.2 + encrypt + prDirect + pooling
Thank you for the information. We have fixed the issue, and the fix will be included in the next UniDAC build.