How to enable only TLS 1.2 to use with Statistica and SQL Server?
Article ID: KB0070847
Updated On:
| Products | Versions |
|---|---|
| Spotfire Statistica | 14.0 and higher |
Description
How to enable TLS 1.2 and disable TLS 1.1 and TLS 1.0?
Environment
Windows operating systems only
Resolution
Only TLS 1.1 and TLS 1.0 enabled
Prior to changing to TLS 1.2, TLS 1.1 and TLS 1.0 is enabled. A SQL driver, not ODBC SQL Driver 17, must be used. Then when opening Statistica, we can see TLS 1.x traffic between SQL Server and Statistica.
I. DSN configuration:
II. Launch Statistica by holding Shift key to bring up Enterprise login:
III. After logging in and opening Statistica Enterpirse and opening a workspace, we see traffic between SQL Server (IP Address: 10.69.42.34) and Statistica Enterprise (IP Address: 10.69.42.48):
Enabling only TLS 1.2
DISCLAIMER : TIBCO Software does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986
1. Go to Start>>Run
2. Type in regedit and click OK
3. Go to this location: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, which will look like the following:
Change the registry settings as below. New keys may need to be added (if needed, see https://support.microsoft.com/en-us/topic/how-to-add-modify-or-delete-registry-subkeys-and-values-by-using-a-reg-file-9c7f37cf-a5e9-e1cd-c4fa-2a26218a1a23):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
4. Restart the server
5. Verified DSN is ODBC Driver 17 for SQL Server:
6. Launch Statistica by holding Shift key to bring up Enterprise login using the DSN above:
7. Open a workspace from Enterprise Manager:
8. Open Wirehsark application
9. Validate TLS 1.2 traffic only from Statistica Enterprise to SQL Server:
Prior to changing to TLS 1.2, TLS 1.1 and TLS 1.0 is enabled. A SQL driver, not ODBC SQL Driver 17, must be used. Then when opening Statistica, we can see TLS 1.x traffic between SQL Server and Statistica.
I. DSN configuration:
II. Launch Statistica by holding Shift key to bring up Enterprise login:
III. After logging in and opening Statistica Enterpirse and opening a workspace, we see traffic between SQL Server (IP Address: 10.69.42.34) and Statistica Enterprise (IP Address: 10.69.42.48):
Enabling only TLS 1.2
DISCLAIMER : TIBCO Software does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986
Note: We acutally crashed a 10.69.42.48 server while testing this senario with bad registry entries. So Statistica Enterprise (IP Address: 10.69.42.48) is no longer available so we are now using Statistica Enterprise (IP Address: 10.69.42.45) with the same SQL Server (IP Address: 10.69.42.34).
1. Go to Start>>Run
2. Type in regedit and click OK
3. Go to this location: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, which will look like the following:
Change the registry settings as below. New keys may need to be added (if needed, see https://support.microsoft.com/en-us/topic/how-to-add-modify-or-delete-registry-subkeys-and-values-by-using-a-reg-file-9c7f37cf-a5e9-e1cd-c4fa-2a26218a1a23):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
4. Restart the server
5. Verified DSN is ODBC Driver 17 for SQL Server:
6. Launch Statistica by holding Shift key to bring up Enterprise login using the DSN above:
7. Open a workspace from Enterprise Manager:
8. Open Wirehsark application
9. Validate TLS 1.2 traffic only from Statistica Enterprise to SQL Server:
Issue/Introduction
This article will show the steps to enable only TLS 1.2, thus disabling TLS 1.0 and 1.1 while using the appropriate driver for SQLServer.
Feedback
Yes
No
Powered by
