客户有个特殊需求,只能使用TLS1.2,其余的都不行。
google了一下,发现要Enable/Disable TLS倒也不难
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocols]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
搞笑的是我自己的reg文件中DisabledByDefault后面跟了个空格,结果我这边怎么都再现不了这个Bug,一切正常。
浪费了一天以后,终于能再现问题了,居然多发现一个crash issue。
最后结论是
1: SQL Server 2014不支持TLS 1.2,SP1以后才支持,
https://support.microsoft.com/en-au/help/3135244/tls-1-2-support-for-microsoft-sql-server
或者直接用2016/2017。
2: windows 自带的OLEDB driver不支持TLS 1.2,
https://stackoverflow.com/questions/46011694/does-microsoft-ole-db-provider-for-sql-server-support-tls-1-2
要用新版的msoledbsql_18.1.0.0_x64.msi
3: wcf callback channel默认不支持TLS 1.2
需要加
到app.config的
https://social.msdn.microsoft.com/Forums/en-US/f6f25498-65e5-4d62-b5f5-ea95837aa0de/the-client-and-server-cannot-communicate-because-they-do-not-possess-a-common-algorithm?forum=wcf
前两个还容易找到,最后一个太恶心了,要不是我正好碰到,谁会发现还有这么个setting啊!