March 5, 2019 at 11:05 pm
Hello DBAs,
I started playing around with encrypting connections with SSL. Now I created a server certificate. Enabled it in SSCM and set force encryption to "yes".
So I started testing with my SSMS.
1. connecting to the instance without "encrypt connection" checked. Connection succeeded.
Now I am confused. I expected the connection to be refused without "encrypt connection" checked and force encryption set to "yes" in the SSCM.
2. connecting to the instance with "encrypt connection" checked. Connection succeeded.
BTW: The server cert was loaded into the sql server. I checked the error logs.
The story continues: I tried another instance connection with SSMS where definitly no encryption is enabled or server certificate is used.
Suprise! I can establish a encrypted connection.
Any help is appriciated on this topic.
Cheers,
Marcus
March 13, 2019 at 8:04 pm
deubel_m - Tuesday, March 5, 2019 11:05 PM1. connecting to the instance without "encrypt connection" checked. Connection succeeded.
Now I am confused. I expected the connection to be refused without "encrypt connection" checked and force encryption set to "yes" in the SSCM.
Setting "Force Encryption" should force the connection to be encrypted, and if it cannot be encrypted then it will fail. You don't need to specify "Encrypt Connection" to make this happen.
Can you verify if your connection is encrypted without this setting:USE master
GO
SELECT encrypt_option FROM sys.dm_exec_connections
GO
More info:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/bde679d9-ff83-4fa7-b402-42e336a97106/force-encryption-on-sql-server-not-working
https://serverfault.com/questions/558184/ms-sql-server-configured-for-secure-ssl-connection-allows-non-secure-connectio
https://dba.stackexchange.com/questions/75421/force-encryption-vs-force-protocol-encryption-in-sql-server
March 19, 2019 at 7:05 am
thanks! I'll give it a go
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply