This is a discussion on Re: Re: connectionopen (SeCDoClientHandshake().]SSL Security err within the SQL Server forums, part of the Microsoft SQL Server category.

"pigeon" wrote:
> oh yeah.. we are using win2k server
> and ms sql 2000

I keep playing with the 2 keys: Certificate and Encrypt (both Reg Dword) in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib

and here is the output:

Cert = 1
Encryption (key renamed to _Encryption)
(client request encryption = encryption not supported... but if no client requesting encryption = fine)

Cert = 1
Encryption = 0
then i get "encryption not supported on sql server"

but if I do
cert = 1
encryption = 1
then I get "encryption request but no valid cert was found"

Also note:
cert = 0
encryption = 0
then I get ssl security error

or when I do
encryption = 0
rename cert to _cert
then i get "bind failed to 1433" in the event log

Here are some more:
Encryption = 0
Certificate = (fingerprint of cert)
then i get "bind failed to 1433" in the event log

Encryption = 1
Certificate = fingerprint of cert
(This will encrypt all the traffic.. and this works.. but a lot of our software is setup to do request ssl client side.. and of course clientside and serverside ssl request do not work... (another known ’flaw’.. )

or
cert = fingerprint
renamed encryption to _encryption
then i get "bind failed to 1433" in the event log

or
cert = 0
renamed encryption to _encryption
then i get "bind failed to 1433" in the event log

my certificate’s name is the computer name (netbios).. i can also ping name of computer.. and that name is on the cert...

I only have one certificate installed for this server..

Any ideas?

"pigeon" wrote:
> I keep playing with the 2 keys: Certificate and Encrypt (both
> Reg Dword) in:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib
>
> and here is the output:
>
> Cert = 1
> Encryption (key renamed to _Encryption)
> (client request encryption = encryption not supported... but
> if no client requesting encryption = fine)
>
> Cert = 1
> Encryption = 0
> then i get "encryption not supported on sql server"
>
> but if I do
> cert = 1
> encryption = 1
> then I get "encryption request but no valid cert was found"
>
> Also note:
> cert = 0
> encryption = 0
> then I get ssl security error
>
> or when I do
> encryption = 0
> rename cert to _cert
> then i get "bind failed to 1433" in the event log
>
> Here are some more:
> Encryption = 0
> Certificate = (fingerprint of cert)
> then i get "bind failed to 1433" in the event log
>
> Encryption = 1
> Certificate = fingerprint of cert
> (This will encrypt all the traffic.. and this works.. but a
> lot of our software is setup to do request ssl client side..
> and of course clientside and serverside ssl request do not
> work... (another known 'flaw'.. )
>
> or
> cert = fingerprint
> renamed encryption to _encryption
> then i get "bind failed to 1433" in the event log
>
> or
> cert = 0
> renamed encryption to _encryption
> then i get "bind failed to 1433" in the event log
>
> my certificate's name is the computer name (netbios).. i can
> also ping name of computer.. and that name is on the cert...
>
> I only have one certificate installed for this server..
>
> Any ideas?

And yes.. I have looked at:
http://support.microsoft.com/kb/322144
and nearly everything on google’s results for "connectionopen (SeCDoClientHandshake().]SSL Security error."

pigeon (DoNotEmail@dbForumz.com) writes:
> Ok.. it looks like we can only initiate a secure transaction
> serverside.. when we try to initiate a secure connection clientside
> (of course serverside encryption has to be off).. then we get the SSL
> security error.

I have never worked with encryption, so I don't know. I did actually play with it recently for a test script, and I think I arrived at a similar conclusion. But I did not even have a certificate. (What I wanted to test was whether a module that I have handles the Encryption option correctly, but I had to leave that out.)

I've relayed your posts to our internal MVP forum, to see if anyone there knows about this.

--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp

"Erland Sommarskog" wrote:
> pigeon (DoNotEmail@dbForumz.com) writes:
>> Ok.. it looks like we can only initiate a secure transaction
>> serverside.. when we try to initiate a secure connection clientside
>> (of course serverside encryption has to be off).. then we get the SSL
>> security error.
>
> I have never worked with encryption, so I don’t know. I did actually
> play with it recently for a test script, and I think I arrived at a
> similar conclusion. But I did not even have a certificate. (What I wanted
> to test was whether a module that I have handles the Encryption option
> correctly, but I had to leave that out.)
>
> I’ve relayed your posts to our internal MVP forum, to see if anyone there
> knows about this.

Great thanks! I figured it out.. and I think it is just a bug

the solution to my problem was to create a key in the registry named "certificate" and put my certificate’s thumbprint in the key. This is somewhat normal.. but the other weird thing is... In order to have encrypted or unencrypted traffic, I have to tell SQL to ’force encryption’ via creating a certificate named "encrypt" and putting this value to 1

w2k
ms sql 2000 sp4

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/General-Disc...ict235551.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=819787

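An added example, not part of the original thread: a PowerShell audit of the two values the post above ends up setting, confirming that `Certificate` holds a thumbprint that resolves to a usable certificate and that `Encrypt` is 1. It assumes the registry path exactly as quoted in the thread, a certificate in the `LocalMachine\My` store, and a value stored as binary or text; the name, private-key, validity and Server Authentication checks are assumptions about what a usable server certificate needs, not statements from the posts.

```powershell
# Added example: audit the Certificate / Encrypt values discussed in the thread.
# Assumption: $KeyPath is the registry path exactly as quoted in the post.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function ConvertTo-Thumbprint($Value) {
    # REG_BINARY arrives as byte[]; REG_SZ / REG_DWORD values are stringified.
    if ($Value -is [byte[]]) { return (($Value | ForEach-Object { $_.ToString('X2') }) -join '') }
    return ([string]$Value -replace '[^0-9A-Fa-f]', '').ToUpper()
}

function Test-SqlSslConfig([string]$Path = $KeyPath) {
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $props) { return "Registry key not found: $Path" }
    $names = @($props.PSObject.Properties | ForEach-Object { $_.Name })
    $findings = @()

    if ($names -notcontains 'Encrypt') {
        $findings += 'Encrypt value is missing'
    } elseif ($props.Encrypt -ne 1) {
        $findings += "Encrypt = $($props.Encrypt): encryption is not forced"
    }
    if ($names -notcontains 'Certificate') { return $findings + 'Certificate value is missing' }

    # A value such as 0 or 1 (as tried in the thread) fails this length check.
    $thumb = ConvertTo-Thumbprint $props.Certificate
    if ($thumb.Length -ne 40) {
        return $findings + "Certificate = '$thumb' is not a 40-hex-digit SHA-1 thumbprint"
    }
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if (-not $cert) { return $findings + "No certificate $thumb in LocalMachine\My" }

    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $env:COMPUTERNAME -and $cn -notlike "$($env:COMPUTERNAME).*") {
        $findings += "Subject '$cn' does not match computer name $($env:COMPUTERNAME)"
    }
    if (-not $cert.HasPrivateKey) { $findings += 'Certificate has no private key' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += 'Certificate is outside its validity period'
    }
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    if ($eku -and ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains $ServerAuthOid) {
        $findings += 'EKU does not include Server Authentication'
    }
    if ($findings.Count -eq 0) { return 'OK: Encrypt = 1 and the thumbprint resolves to a usable certificate' }
    return $findings
}

Test-SqlSslConfig
```
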
pigeon (UseLinkToEmail@dbForumz.com) writes:
> I figured it out.. and I think it is just a bug

Glad to hear that you have things working! Whether this is a bug or by design is beyond my knowledge to tell. I've forwarded your post to our MVP forum at Microsoft. If I hear any comments I will report back. (Or someone else will find your posting and reply.)

--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinf...2000/books.asp