Error 772 appears when a client tries to connect to SQL Server using encryption algorithms that its network library cannot handle.
SQL Server Error 772 – “Encryption not supported on the client” – means the client network library can’t negotiate TLS/SSL encryption with the server. Upgrade the SQL Client (ODBC/OLE DB/.NET), enable modern TLS versions, or disable “Force Encryption” on the SQL Server endpoint to resolve the error.
Cannot connect to <server>. Encryption not supported on the client. (Microsoft SQL Server, Error: 772)
Error 772 occurs during the login handshake when SQL Server insists on an encrypted channel but the client network stack lacks a compatible encryption algorithm.
The connection is rejected before authentication finishes.
The error is common after tightening security—enabling "Force Encryption" or disabling older TLS versions—while legacy clients still use outdated providers.
The failure blocks application connectivity, breaks automation jobs, and can cascade into service outages. Resolving it quickly restores availability while keeping data-in-transit secure.
Mismatch between server’s required TLS/SSL protocols and the client’s supported cipher suites triggers the error.
Deprecated providers such as SQL Server Native Client 10.0 or early .NET Framework versions cannot speak TLS 1.2.
Registry or Group Policy settings that disable weak protocols may unintentionally exclude every algorithm the client knows, leaving no common method.
Upgrade the client libraries to versions that support TLS 1.2 or TLS 1.3.
If upgrading isn’t possible, temporarily disable “Force Encryption” or enable a mutually supported protocol on the server.
As a last resort, install a modern ODBC driver (e.g., Microsoft ODBC Driver 18 for SQL Server) and reconfigure connection strings to use it.
Legacy Windows Services: Services compiled against System.Data.SqlClient in .NET 3.5 fail after a server TLS hardening.
Re-target to .NET 4.8+ or add OdbcConnection through ODBC Driver 18.
Third-party Apps: Vendor software embedding SQL Native Client 2008 cannot be patched quickly. Set Force Encryption = No and restrict access by firewall until vendor ships an update.
Standardize on a current SQL client driver across all hosts. Automate driver deployment with configuration management to prevent drift.
Before disabling protocols, run a test matrix that simulates every client type.
Monitor failed logins in Errorlog for state 20 events to catch early signs.
Galaxy’s modern SQL editor bundles the latest Microsoft ODBC driver, guaranteeing TLS 1.2+ support. Its connection health-check flags cipher mismatches before runtime, helping teams correct configs proactively.
No. Azure SQL enforces modern TLS and provides up-to-date client libraries in connection strings, preventing Error 772.
Yes, but only as a stop-gap. Disabling encryption exposes data-in-transit and violates compliance rules.
ODBC Driver 17/18, JDBC 9.4+, .NET 4.6+, and SQLCMD v18 fully support TLS 1.2.
Galaxy ships with the latest Microsoft ODBC driver and performs pre-connect TLS checks, ensuring connections won’t fail due to outdated encryption support.
.png)
.avif){kind=logo}
