SAP Knowledge Base Article - Public

2269180 - Disabling TLS 1.0 may cause Crystal Reports Designer and .NET application to fail to connect to your MS SQL Server Database 2012/2014

Symptom

We are using Crystal Reports Designer and Crystal Reports for .NET RAS service in a C# application.

Is Crystal Reports Designer and Crystal Reports for Visual Studio compatible with TLS 1.x+ ?

Note: Due to recent Security and Compliance updates TLS 1.0 may be be required to be disabled.

 

Environment

  • Crystal Reports Designer
  • Crystal Reports for Visual Studio
  • MS SQL Server 2012
  • MS SQL Server 2014
  • MS SQL Server 2016
  • May be other that have not been reported at this time

Cause

Please NOTE: Be aware that database connectiivity is all handled by the DB Client, as long as the client is configured properly CR does not care what security protocal is configured

Resolution

Microsoft noted in this KBA there may be an issue when disabling TLS 1.0

https://msdn.microsoft.com/en-us/library/ff487261.aspx

Mentioned: SQL Server and Microsoft data providers for SQL Server support TLS 1.0 and SSL 3.0. If you enforce a different protocol (such as TLS 1.1 or TLS 1.2) by making changes in the operating system SChannel layer, your connections to SQL Server might fail.

MS also release a few patches to resolve this issue:

https://support.microsoft.com/en-us/kb/3052404

CR Designer and our CR for VS .NET SDK's do not use TLS to talk to the DB Server, they use the CORBA and TCP/IP protocals.

Microsoft has now undeprecated their OLE DB providers and have plans to release an update the first quarter of 2018 to be TLS 1.2 Compliant and fully support TLS 1.2

To enable/disable TLS 1.x for the OS using registry keys see this MS KB article:

https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS12

Bottom line is as long as your Client is configured to use TLS 1.2 then CR and CR for VS applications will be albe to connect using the typical connection properties within CR DEsigner and your application.

A quick test is to use ODBC, Create a new System DSN and once the info is filled in Test the connection, if you get that far it shoudl work. Possibly though it will fail when first attempting to get a list of Database to use.

See Also

Microsoft Knowlwdge base article on support for All versions of MS SQL Servers and disabling TLS 1.x:

https://support.microsoft.com/en-ca/help/3135244/tls-1-2-support-for-microsoft-sql-server

Keywords

TLS 1.0, Crystal Reports Designer, .NET, CRforVS, MS SQL Server Database , KBA , BI-DEV-NET , BI Software Development Kits (SDKs) - .NET or Other , BI-RA-CR , Crystal Reports designer or BusinessViews Manager , Problem

Product

SAP Crystal Reports 2011 ; SAP Crystal Reports 2013 ; SAP Crystal Reports 2016 ; SAP Crystal Reports, developer version for Microsoft Visual Studio