How to get earlier versions of the Dynamics NAV development environment to work with TLS 1.2

@MeretheStave Merethe Stave
December 6, 2018
@provisionpoint ProvisionPoint
December 6, 2018

How to get earlier versions of the Dynamics NAV development environment to work with TLS 1.2

Some of you have been struggling to get your version of Dynamics NAV to work with a SQL Server database that has implemented the latest version of Transport Layer Security. TLS 1.2 support on SQL Server is explained in more detail in this article. As stated there, several known vulnerabilities have been reported against Secure Socket Layer (SSL) and earlier versions of Transport Layer Security (TLS), and we recommend that you upgrade to TLS 1.2 for secure communication.

Dynamics NAV supports TLS1.2 from the following versions (using the SecurityProtocol setting on the config file of the server):

VersionTLS 1.2 support addedDefault value
Dynamics NAV 2015Cumulative update 43SecurityProtocol.SystemDefault
Dynamics NAV 2016Cumulative update 31SecurityProtocol.SystemDefault
Dynamics NAV 2017Cumulative update 18SecurityProtocol.SystemDefault
Dynamics NAV 2018First release (RTM)SecurityProtocol.Tls12

The SystemDefault values of Dynamics NAV 2017 and earlier versions are there for backwards compatibility (as older versions of the .NET Framework are supported and they do not support TLS 1.2), and can only be set to Tls12 (3072 if Tls12 is not accepted) if you install, on top of the original .NET requirements, .NET Framework version 4.6.2 or preferably the latest version on the machine where the Dynamics NAV Server is running.

Note: The SystemDefault value might mean that Tls12 is already the default on certain systems, depending on the operating system and version of the .NET Framework.

For the Dynamics NAV development environment to be able to connect to a database hosted on a SQL Server that has only TLS 1.2 support, you must do the following:

  • Enable TLS 1.2 on the application server and disable all other protocols
  • Install SQL Server Native Client 11.0 or later, and make sure that it is a version that supports TLS 1.2. Also, make sure that the native client that you have installed is x86, as the development environment is x86.

A good reference on how to force protocols can be found here.

News Reporter
News Reporter
Head of Operations (Banking), Director IT Governance, Teamlead Microsoft, Service Delivery Manager. Interested in Office 365, LAMP, IT Security and much more!