[ODBC SQL Server Driver][DBNETLIB]SSL Security error (18) | How to Enable TLS 1.0 and TLS 1.1 in Windows Server Registry
Introduction:
When encountering SSL security errors such as "[ODBC SQL Server Driver][DBNETLIB]SSL Security error (18)" while trying to establish connections to SQL Server databases on Windows Server 2016, it may be necessary to enable TLS 1.0 and TLS 1.1. By default, these protocols are disabled in favor of more secure versions like TLS 1.2. In this article, we will guide you through the process of enabling TLS 1.0 and TLS 1.1 in the Windows Server registry, allowing your applications to connect successfully.
Step-by-Step Guide:
Step 1: Open the Registry Editor
Press the Windows key + R on your keyboard to open the Run dialog.
Type "regedit" and press Enter. This will launch the Registry Editor.
Step 2: Navigate to the TLS 1.0 Client Subkey
In the Registry Editor, navigate to the following location:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client\
Step 3: Modify the TLS 1.0 Client Settings
Within the TLS 1.0 Client subkey, look for a DWORD value named "Enabled". If it doesn't exist, create it.
Double-click on the "Enabled" value and set the value data to "1" or "ffffff". This enables TLS 1.0 for client connections.
Step 4: Repeat for TLS 1.0 Server Subkey
Navigate to the TLS 1.0 Server subkey located at:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server\
Modify or create the "Enabled" DWORD value and set it to "1". This enables TLS 1.0 for server connections.
Step 5: Enable TLS 1.1
Navigate to the TLS 1.1 Client and Server subkeys located, respectively, at:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\
Modify or create the "Enabled" DWORD values and set them to "1".
Step 6: Restart the Server
After making these registry changes, restart your Windows Server to apply the new TLS settings.
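Steps 2 through 5 as a script, with the registry backup the article recommends taken first; this is an added example, not part of the original article. It assumes an elevated PowerShell session, a backup file under %TEMP% (an assumed path), and the Schannel subkey names written with a space (TLS 1.0, TLS 1.1).

```powershell
# Added example: scripted form of Steps 2-5. Run from an elevated PowerShell session.
$regKey = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$base   = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
$backup = Join-Path $env:TEMP 'schannel-protocols-backup.reg'   # assumed backup location

# Export the Protocols key before touching it; stop if the backup cannot be written.
reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }

$results = foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $base "$proto\$role"

        # "If it doesn't exist, create it": make the subkey when it is missing.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Record the prior value so the change is auditable and reversible.
        $before = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled

        # Create or overwrite the Enabled DWORD with 1.
        New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 1 -Force | Out-Null

        # Read the value back instead of assuming the write succeeded.
        $after = (Get-ItemProperty -Path $key -Name Enabled).Enabled

        [pscustomobject]@{
            Protocol = $proto
            Role     = $role
            Before   = if ($null -eq $before) { '(not set)' } else { $before }
            After    = $after
        }
    }
}

$results | Format-Table -AutoSize
Write-Host "Backup written to $backup. Restart the server to apply the settings (Step 6)."
```

The Before column shows what each value was prior to the change, which is the state to return to once the legacy protocols are no longer needed.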
Conclusion:
By following the steps outlined in this article, you can enable TLS 1.0 and TLS 1.1 in the Windows Server registry, resolving SSL security errors that prevent successful connections to SQL Server databases. However, it's important to note that enabling older versions of TLS may have security implications. It's recommended to assess the security requirements of your environment and consider upgrading to more secure TLS versions, such as TLS 1.2 or TLS 1.3, if possible.
Remember, it's always essential to perform appropriate testing and ensure the compatibility of your applications after making any changes to the registry.
Please note: Modifying the Windows registry can have serious consequences if done incorrectly. It is advisable to create a backup of the registry before making any changes and proceed with caution.