September 27, 2024 at 1:33 pm
I assume SSMS V20 encryption and SQL Server SSL encryption are different. I have a few queries. Please see below.
Do these two encryptions conflict?
Can we make 'SQL Server SSL Encryption' optional? So we can control which applications to bypass SSL and force others?
Is there any other things we should be aware of having these two encryptions?
P.S. We have SQL server versions 2016,2017, 2019 and 2022.
Reference:
(SSMS V20 encryption)
(SSL Encryption)
https://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-server/
September 28, 2024 at 2:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
September 29, 2024 at 9:15 am
There is no conflict.
SSL encryption is configured on the server/host.
When you connect to that server from SSMS, you decide what type of connection encryption to use (optional, mandatory or strict) and whether to trust the server's own cert (mandatory) or require the server to have a 'proper' cert, as issued by a certificate authority (strict).
Connecting to a server which has a full cert configured, but using 'Optional' as the encryption type, is not a problem.
The absence of evidence is not evidence of absence
- Martin Rees
The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
- Phil Parkin
October 8, 2024 at 12:57 pm
Thank you Phil for the details.
October 8, 2024 at 3:22 pm
SSL encryption is configured on the server/host. But imagine a scenario where SSL is not configured . How does it look if SSMS choose encryption as mandatory and checks 'Trust Certificate'? In case there isn't a real certificate implemented. But based on my checks this configuration will allow to connect using SSMS .
October 8, 2024 at 3:33 pm
SSL encryption is configured on the server/host. But imagine a scenario where SSL is not configured . How does it look if SSMS choose encryption as mandatory and checks 'Trust Certificate'? In case there isn't a real certificate implemented. But based on my checks this configuration will allow to connect using SSMS .
That's by design. But now try doing that with Strict and the connection should fail.
The absence of evidence is not evidence of absence
- Martin Rees
The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
- Phil Parkin
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply