February 19, 2010 at 4:54 am
Hi all,
I have been doing a lot of reading on this subject but was looking for a little clarification on a few points. If anyone can point me in the right direction it would be greatly appreciated.
My setup:
I have a 2008 Server with SQL 2008. Using makecert.exe, I have created the certificate and installed it onto the machine.
Before enabling the Force Encryption option I ran some tests with Netmon and could see and read the requests coming from the client application. I then switched on the Enforce Encryption on the Server and re-ran the tests. I could no longer read the requests, came up with TLSSSLData:BinaryLargeObject, so I think that it's done what I wanted it to do.
My questions are:
Is it really that straightforward or am I missing something?
If I enforce it on the Server my understanding is that all traffic will be encrypted, is this correct?
If I connect with an ODBC driver which doesn't specify the Encrypt=Yes attribute, will it still encrypt the traffic?
I can see the commands have become unreadable; is it also true that the actual data is also encrypted?
My understanding is that all authentication into SQL is encrypted, regardless of the Force Encryption property, is this correct?
Does this work the same in SQL 2005?
I haven't quite got my head around the benefits of not Enforcing Encryption on the Server but doing it on the client. It would seem to make more sense and be more reliable just to tell the server to encrypt everything. Can anybody advise?
OK, there are a bunch of questions/comments; if anyone can give me any clarification then it would be greatly appreciated.
Thanks
Jon
February 23, 2010 at 10:44 pm
It's been a while since I looked at this but I think you are correct that it is a simple process. I'm not positive on the ODBC part but I would imagine it encrypts if the server setting is used; you may want to test it to be certain. This link has a little information http://support.microsoft.com/kb/316898
Matt.
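One way to run the test suggested above from the server side, as an added example that is not part of the original posts: the `sys.dm_exec_connections` view (present in both SQL Server 2005 and 2008) reports an `encrypt_option` value per connection, so an ODBC client that does not set Encrypt=Yes can be checked directly. The queries assume a login with VIEW SERVER STATE permission.

```sql
-- Added example: list every current connection with its encryption state.
-- Connect with the client under test first, then run this on the server.
SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    s.client_interface_name,   -- client library in use, for example ODBC
    c.net_transport,           -- transport used by the connection
    c.auth_scheme,             -- authentication scheme used by the connection
    c.client_net_address,
    c.encrypt_option           -- 'TRUE' when the connection is encrypted
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
ORDER BY c.encrypt_option, s.client_interface_name, c.session_id;

-- Summary per client library and transport: any row with
-- encrypt_option = 'FALSE' is a connection travelling in clear text.
SELECT
    s.client_interface_name,
    c.net_transport,
    c.encrypt_option,
    COUNT(*) AS connection_count
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
GROUP BY s.client_interface_name, c.net_transport, c.encrypt_option
ORDER BY c.encrypt_option, s.client_interface_name;
```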
February 24, 2010 at 1:11 pm
Thanks for the reply.
Yes, I've checked that article out, and many others, but thanks anyway.
I have tested it and it seems to do what I expect, but I think in a way it was so simple I thought I must have missed something because things are never normally that easy.
Anyway, thanks again.
Jon