We need to disable TLS 1.0 for PCI requirements (IIS is also running on this machine, yes I know best practice is to have SQL on its own machine, but this is just how it is)
My understanding is that TLS 1.2 should work if we're higher than SQL 2014 CU6
. CU7 for example, as per https://support.microsoft.com/en-us/kb/3046038
, would result in build 12.0.2495.0
, and we're at 12.0.4213.0
so we are higher than CU7 (right?
Based on this: https://support.microsoft.com/en-us/kb/3052404, running the latest updates on SQL 2014 should allow TLS 1.2 to work. However, when we disable TLS 1.0, the SQL service fails to start.
Our current build is:
Microsoft SQL Server 2014 - 12.0.4213.0 (X64)
Jun 9 2015 12:06:16 Copyright (c) Microsoft Corporation Web Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) (Hypervisor)
From what I can tell we have a SQL 2014 build that should support TLS 1.2. Is there something further that has to be done to make this work?
SQL 2014 is running on a SQL 2008 R2
machine, I found this:
If you install SQL Server 2014 on Windows Server 2008 SP2, you can get the required update from here (https://support.microsoft.com/en-us/kb/956250
But this machine doesn't have ASP.NET 3.5 installed (it has ASP.NET 4.5), so I don't think that would even apply (unless ASP.NET 3.5 is REQUIRED for SQL 2014??)