How to get earlier versions of the Dynamics NAV development environment to work with TLS 1.2
Some of you have been struggling to get your version of Dynamics NAV to work with a SQL Server database that has implemented the latest version of Transport Layer Security. TLS 1.2 support on SQL Server is explained in more detail in this article. As stated there, several known vulnerabilities have been reported against Secure Socket Layer (SSL) and earlier versions of Transport Layer Security (TLS), and we recommend that you upgrade to TLS 1.2 for secure communication.
Dynamics NAV supports TLS1.2 from the following versions (using the SecurityProtocol setting on the config file of the server):
Version | TLS 1.2 support added | Default value |
---|---|---|
Dynamics NAV 2015 | Cumulative update 43 | SecurityProtocol.SystemDefault |
Dynamics NAV 2016 | Cumulative update 31 | SecurityProtocol.SystemDefault |
Dynamics NAV 2017 | Cumulative update 18 | SecurityProtocol.SystemDefault |
Dynamics NAV 2018 | First release (RTM) | SecurityProtocol.Tls12 |
The SystemDefault values of Dynamics NAV 2017 and earlier versions are there for backwards compatibility (as older versions of the .NET Framework are supported and they do not support TLS 1.2), and can only be set to Tls12 (3072 if Tls12 is not accepted) if you install, on top of the original .NET requirements, .NET Framework version 4.6.2 or preferably the latest version on the machine where the Dynamics NAV Server is running.
Note: The SystemDefault value might mean that Tls12 is already the default on certain systems, depending on the operating system and version of the .NET Framework.
For the Dynamics NAV development environment to be able to connect to a database hosted on a SQL Server that has only TLS 1.2 support, you must do the following:
- Enable TLS 1.2 on the application server and disable all other protocols
- Install SQL Server Native Client 11.0 or later, and make sure that it is a version that supports TLS 1.2. Also, make sure that the native client that you have installed is x86, as the development environment is x86.
A good reference on how to force protocols can be found here.