SSIS:Advisory:DQC for SSIS & TLS 1.2

From Melissa Data Wiki
Jump to navigation Jump to search

← SSIS:Data Quality Components


TLS 1.0/1.1 Security Vulnerabilities

TLS 1.0 and 1.1 are no longer considered to be secure. They do not support modern cryptographic algorithms and are proven to be vulnerable to exploits. Most major technology companies have either already deprecated TLS 1.0 and 1.1

In order to stay current with industry standards for privacy and security in our audits, we must close vulnerabilities like TLS 1.0 and 1.1 for our web services.

When attempting to connect to a TLS 1.2 enabled web service or higher using DQC for SSIS you may encounter this error:

Error verifying service: The request was aborted: Could not create SSL/TLS secure channel.

The reason being is that DQC for SSIS natively runs on TLS 1.0 while the web service requires TLS 1.2. In order to connect, a registry edit must be made for DQC for SSIS to use TLS 1.2 instead.


Enforcing TLS 1.2

Follow the instructions below to enforce TLS 1.2 in your environment.

  1. Find the latest Microsoft Cumulative Update for the version of SQL Server being used.
  2. If your machine already has the latest updates or is unable to install, continue to the next step.
  3. In the Registry Editor, go to the directories mentioned below and add a Dword entry named SchUseStrongCrypto with a value of 1 for each directory.
  4. .NETFramework Directory

    You can override the default behavior in following registry:

    Key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
    Value: SchUseStrongCrypto
    Type: REG_DWORD
    Data : 1
    

    And

    Key : HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319
    Value: SchUseStrongCrypto
    Type: REG_DWORD
    Data : 1
    

    Restart the machine, open up a DQC for SSIS project, and perform a Test Configuration to ensure you are connected successfully.

    SSIS will now successfully connect to a TLS 1.2 web service.


Native Integration

We are currently working on natively integrating TLS 1.2 with DQC Components for SSIS and future releases with support for TLS 1.2 will be announced on SSIS:Data Quality Components.