FIX: The encrypted endpoint communication with TLS 1.2 fails when you use SQL Server

Symptoms
When you use AlwaysOn Availability Group, Database Mirroring, or Service Broker in Microsoft SQL Server, the encrypted endpoint communication with Transport Layer Security (TLS) protocol version 1.2 fails. Additionally, you receive the following error message in the SQL Server Error log:
Connection handshake failed. An OS call failed: (80090331) 0x80090331(The client and server cannot communicate, because they do not possess a common algorithm.). State 56.
The Windows event log reports the following SChannel error:
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
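When triaging exported log text, the two messages above can be matched mechanically so that only this specific failure (OS error 80090331 with State 56, corroborated by SChannel alert 40 with error state 1205) is attributed to this issue. The following Python is an added example, not Microsoft's code; the function name `triage`, the verdict strings, and the sample lines are constructed for illustration.

```python
import re

# Patterns built from the two messages quoted in the Symptoms section.
SQL_HANDSHAKE = re.compile(
    r"Connection handshake failed\. An OS call failed: "
    r"\((?P<code>[0-9A-Fa-f]{8})\).*?State (?P<state>\d+)\b")
SCHANNEL_ALERT = re.compile(
    r"fatal alert was generated.*?fatal error code is (?P<alert>\d+)\b"
    r".*?error state is (?P<state>\d+)\b")

# Constructed sample lines (timestamps and the third line are invented).
SAMPLE = [
    "2016-01-30 00:02:00.00 Logon  Connection handshake failed. An OS call failed: "
    "(80090331) 0x80090331(The client and server cannot communicate, because they "
    "do not possess a common algorithm.). State 56.",
    "A fatal alert was generated and sent to the remote endpoint. This may result in "
    "termination of the connection. The TLS protocol defined fatal error code is 40. "
    "The Windows SChannel error state is 1205.",
    "2016-01-30 00:03:00.00 Logon  Connection handshake failed. An OS call failed: "
    "(8009030c) 0x8009030c(constructed unrelated failure). State 67.",
]


def triage(lines):
    """Count log lines that match the symptoms described in this article."""
    r = {"sql_matches": 0, "schannel_matches": 0, "other_handshake_failures": 0}
    for line in lines:
        m = SQL_HANDSHAKE.search(line)
        if m:
            if m["code"].lower() == "80090331" and int(m["state"]) == 56:
                r["sql_matches"] += 1
            else:
                # A different OS error code or state is a different problem.
                r["other_handshake_failures"] += 1
            continue
        m = SCHANNEL_ALERT.search(line)
        # TLS alert 40 is handshake_failure; 1205 is the SChannel state quoted above.
        if m and int(m["alert"]) == 40 and int(m["state"]) == 1205:
            r["schannel_matches"] += 1
    # The SQL Server message is the primary symptom; the SChannel event corroborates it.
    if r["sql_matches"] and r["schannel_matches"]:
        r["verdict"] = "matches KB3135852 symptoms"
    elif r["sql_matches"]:
        r["verdict"] = "SQL Server symptom only; check the Windows event log"
    else:
        r["verdict"] = "no match"
    return r
```
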

Cause
The endpoint communication in SQL Server doesn't support TLS protocol version 1.2. 
Resolution
This issue is fixed in recent versions of SQL Server. The list of SQL Server versions that support TLS protocol version 1.2 is available in the following article in the Microsoft Knowledge Base:

3135244 TLS 1.2 support for Microsoft SQL Server
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.
Properties

Article ID: 3135852 - Last Review: 01/30/2016 00:02:00 - Revision: 1.0

Applies to
Microsoft SQL Server 2014 Developer, Microsoft SQL Server 2014 Enterprise, Microsoft SQL Server 2014 Standard, Microsoft SQL Server 2012 Developer, Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2012 Standard, Microsoft SQL Server 2008 R2 Developer, Microsoft SQL Server 2008 R2 Enterprise, Microsoft SQL Server 2008 R2 Standard, Microsoft SQL Server 2008 Developer, Microsoft SQL Server 2008 Enterprise, Microsoft SQL Server 2008 Standard
