September 28, 2022 at 2:18 pm
Folks, I know there are so many blog posts about this subject and I have read most of them. I still have one question about TLS 1.2.
Server = Windows Server 2019
SQL Version = 2019 CU16
Force Encryption = Yes (using a CA Certificate)
I found the SSC artical [SQL Server on TLS 1.2: XEvent session to catch TLS in use] to identify the protocal being used for encryption and when I check my servers it is showing TLS 1.2
The problem that I am having is that I am not seeing the TLS settings in the registry.
Question: Am I OK to tell the Security group that we are communicating with TLS 1.2.
Any help is appreciated.
Jeff
September 29, 2022 at 3:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
September 30, 2022 at 3:05 pm
Folks, I did find the below website that talks about TLS settings. From what the site is saying it might be enabled by default and you can use the registy key and set them to enabled or you can use the registry key if you want to disable TLS.
https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
At the bottom there is a section called "TLS, DTLS, and SSL protocol version settings"
Any feedback is appreciated.
Jeff
October 14, 2022 at 5:09 pm
I spoke to a Server Administrator and he mentioned that Yes TLS is enabled by default on Windows Server 2019 and that all three versions are enabled 1.0, 1.1, 1.2. He said that we use the registry settings to disable the older less secure versions.
I used the extended event and was able to see that connections were using TLS 1.2. The extended event information is here
https://www.sqltact.com/2018/01/sql-server-on-tls-12-xevent-session-to.html
Unless someone has additional informaton I can safely say we are using TLS 1.2
Jeff
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply