SSMS V20 encryption vs SQL Server SSL Encryption

  • I assume SSMS V20 encryption and SQL Server SSL encryption are different. I have a few queries. Please see below.

    Do these two encryptions conflict?

    Can we make 'SQL Server SSL Encryption' optional? So we can control which applications to bypass SSL and force others?

    Are there any other things we should be aware of when having these two encryptions?

    P.S. We have SQL Server versions 2016, 2017, 2019 and 2022.

    Reference: 

    (SSMS V20 encryption)

    https://www.mssqltips.com/sqlservertip/8012/sql-server-management-studio-20-new-features-and-functionality

    (SSL Encryption)

    https://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-server/

    https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver16

  • There is no conflict.

    SSL encryption is configured on the server/host.

    When you connect to that server from SSMS, you decide what type of connection encryption to use (optional, mandatory or strict) and whether to trust the server's own cert (mandatory) or require the server to have a 'proper' cert, as issued by a certificate authority (strict).

    Connecting to a server which has a full cert configured, but using 'Optional' as the encryption type, is not a problem.

    The absence of evidence is not evidence of absence.
    Martin Rees

    You can lead a horse to water, but a pencil must be lead.
    Stan Laurel
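
To check which applications are actually connecting encrypted before deciding whether encryption can be forced on the server, the connection DMVs can be summarised per client. This is an added example, not part of the original posts; it assumes the login running it has VIEW SERVER STATE permission.

```sql
-- Added example: count encrypted vs. unencrypted user connections per
-- application, login and client host. Clients listed with a non-zero
-- unencrypted_connections value are the ones relying on the 'Optional' setting.
SELECT
    s.program_name,
    s.login_name,
    s.host_name,
    c.net_transport,   -- shared memory / named pipes / TCP
    c.auth_scheme,
    SUM(CASE WHEN c.encrypt_option = 'TRUE'  THEN 1 ELSE 0 END) AS encrypted_connections,
    SUM(CASE WHEN c.encrypt_option = 'FALSE' THEN 1 ELSE 0 END) AS unencrypted_connections
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.parent_connection_id IS NULL   -- skip MARS child connections
GROUP BY
    s.program_name,
    s.login_name,
    s.host_name,
    c.net_transport,
    c.auth_scheme
ORDER BY
    unencrypted_connections DESC,
    s.program_name;
```

The DMVs only show connections that are open at the moment the query runs, so it needs to be sampled over a representative period to catch scheduled jobs and occasional clients.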

  • Thank you Phil for the details.

  • SSL encryption is configured on the server/host. But imagine a scenario where SSL is not configured. How does it look if SSMS chooses encryption as mandatory and checks 'Trust Certificate'? In case there isn't a real certificate implemented. But based on my checks this configuration will allow a connection using SSMS.

  • tonytiger5812 wrote:

    SSL encryption is configured on the server/host. But imagine a scenario where SSL is not configured. How does it look if SSMS chooses encryption as mandatory and checks 'Trust Certificate'? In case there isn't a real certificate implemented. But based on my checks this configuration will allow a connection using SSMS.

    That's by design. But now try doing that with Strict and the connection should fail.

