What Bit AES used in ALWAYSON Endpoints?

Question

What Bit AES used in ALWAYSON Endpoints?

Joe-420121

Hall of Fame

Points: 3152
More actions
August 16, 2016 at 8:24 pm

#400585

Hello,
What bit [128? 256?] AES encryption used in creating endpoints for [HADR_ENDPOINT]?,
if [HADR_ENDPOINT] is scripted, the script has TAG [AES] as shown in below script.
For auditing purpose, we need to know the bit used in AES (128 bit?, 256 bit?).
Could NOT find documentation to show what BIT size used in the below script.
Please help to know and provide a valid documentation or screen shot / reference.
Your help is very much appreciated, thanks for your service.
=========================================
CREATE ENDPOINT endpoint_mirroring
STATE = STARTED
AS TCP ( LISTENER_PORT = 7022 )
FOR DATABASE_MIRRORING (
AUTHENTICATION = WINDOWS KERBEROS,
ENCRYPTION = REQUIRED AES)
GO
================================

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply

Perry Whittle SSC Guru Points: 234013 More actions · Answer 1

the default encryption in sql server 2016 is AES, I'm fairly certain that in 2014 it's RC4. The block length for AES is not listed as configurable for the create endpoint DDL statement, I'm 90% certain it's 256 bit

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" 😉

Joe-420121 Hall of Fame Points: 3152 More actions · Answer 2

Thanks for the reply,

Already created the ENDPOINT, and the ENDPOINT script has AES in it, the SQL Server SQL Server 2014.

so for the given AES, need to know the bit length. Need to a valid resource that says the AES length is 256 or something else as the auditor wants that information of bit length.

Thanks for the information, Very much appreciated.

Joe-420121 Hall of Fame Points: 3152 More actions · Answer 3

Hello,

called Microsoft tech support for help, they realized such information is NOT provided directly in the [CREATE ENDPOINT] T-SQL statement documentation, and provided me with a confirmation document saying that the length is 128 bit which supports my auditing requirement. In two weeks time, they said they will make this information to public and I will be notified, when such article available, I will post here. Thanks for your time, Very much appreciated.