March 8, 2012 at 8:55 am
Hi, i've recently been experimenting with encrypting connections to a SQL server (2008 R2) installation. I've not gone as far as creating SSL certificates and provisioning them on the server, i've simply made changes in the Config Manager to set FORCE ENCRYPTION and TRUST SERVER CERTIFICATE both to ON (or yes).
The question I have is: to what level does this encrypt data coming out of the server. I compared packets (using WireShark) before and after, and they do "look" like the data has been encrypted but I wanted to hear from other people who know a lot more on the subject.
Thanks in advance
Nick
March 8, 2012 at 10:08 am
SSL 40 or 128-bit depending on the capabilities of your OS.
http://msdn.microsoft.com/en-us/library/ms189067.aspx
CEWII
March 9, 2012 at 3:08 am
Thanks.
So essentially what this means is that (if my understanding is correct) by not provisioning a certificate and just setting FORCE ENCRYPTION ON - that we're using a self signed certificate that "does" encrypt data to and from the sql box, but is open to "man in the middle" attacks?
March 9, 2012 at 9:43 am
Yes, that is accurate. Depending on your network this may be a non-issue but it is good to understand the limitations.
CEWII
March 9, 2012 at 10:22 am
I'd agree with Elliot. Using a self-signed ceritificate doens't necessarily give you a hierarchy of trust for clients, but it may not be an issue.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply