database instances and TLS security
Posted by: Cal Miyatake
Date: August 26, 2019 02:05PM

I am not a SQL Admin but need your help. I perform remediations for security vulnerabilities. Our company scan recently detected "TLS Server version 1.0 is Enabled" vulnerability on our SQL server 2012. When we do the remediation, servers connecting to the SQL server lose connection. So, we've restored the TLS settings. But, when we remediate the other non-SQLservers the same problem exists. Connection is lost. We can not remediate one without doing so to the other. My supervisor wants to know how the sql database instances are affected by a change in TLS versioning (i.e. if we deprecate TLS version 1.0 and 1.1 in favor of TLS version 1.2 while keeping the non-SQL servers connecting to the databases at TlS 1.0 or TLS1.1). What should we do to ensure that continued communication exists between the SQL Server and the connecting non-SQL servers? What if a NON-SQL server REQUIRES TLS version 1.0, how can we remediate the SQL Server w/o losing connection?

Options: ReplyQuote

Written By
database instances and TLS security
August 26, 2019 02:05PM
August 26, 2019 02:23PM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.