3

I am familiar with implementing SSL encryption for data in transit by including "Encrypt=True" in the connection string and adding a certificate in SQL Server Configuration Manager for the instance in question.

How is TLS different from SSL and how is TLS enabled on SQL Server?

How do I know whether the encryption protocol being used is SSL or TLS?

Guru Josh
  • TLS and SSL are the same thing. (http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) – Limit Nov 14 '16 at 14:25
  • ^ The point of the question is the distinction between them (because they are not "the same thing"); just calling them "the same thing" in this context is confusing at best and harmful at worst. – TylerH Jan 15 '19 at 15:47

2 Answers

3

TLS and SSL are effectively the same thing, but just different versions of each other where TLS is newer than SSL. More often than not people are actually referring to TLS.

In the scope of SQL Server, TLS is enabled via SChannel which is a/the Windows secure channel implementation. This is the same system used by HTTPS on Windows. It's enabled by default on Windows, but depending on what versions of everything are in play you would need to futz with some registry settings to enable things:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\***]

Where there are Client/Server options with flags DisabledByDefault/Enabled. This KB goes into detail about enabling TLS 1.2 on the servers.

Which version of TLS you're using is dependent on a number of factors such as OS, server, and client versions. For instance SQL 2005 doesn't support TLS 1.2, and anything newer requires explicit configuration before it'll be activated. See the above-mentioned link for specifics.

I'm not aware of a way to extract the exact version used via API or configuration. You may have to check the TLS handshake via Wireshark or similar.

Steve
  • This blog post details the process of enabling TLS 1.2 on Windows and has a PS script that will do it for you: https://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html – rstackhouse Aug 04 '17 at 14:55
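
The Client/Server subkeys and the DisabledByDefault/Enabled flags mentioned in the answer above can be audited offline. The following is an added example, not code from the answer or from Microsoft: it assumes the Protocols key was dumped with `reg export` and decoded to text, the sample export is constructed, and the function names are hypothetical.

```python
import re

# SCHANNEL key layout named in the answer: ...\Protocols\<protocol>\<Client|Server>
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\"
    r"SecurityProviders\\SCHANNEL\\Protocols\\([^\\\]]+)\\(Client|Server)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(Enabled|DisabledByDefault)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in `reg export` text form (real exports are UTF-16; decode first).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
"""

def parse_schannel(reg_text):
    """Return {(protocol, role): {"Enabled": int, "DisabledByDefault": int}}."""
    settings, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = settings.setdefault((key.group(1), key.group(2).capitalize()), {})
        elif line.startswith("["):
            current = None  # a key outside SCHANNEL\Protocols; ignore its values
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = int(m.group(2), 16)
    return settings

def state(settings, protocol, role="Server"):
    """Explicit state of one protocol/role, or 'os default' when nothing decides it."""
    flags = settings.get((protocol, role), {})
    if flags.get("Enabled") == 0:
        return "disabled"
    if flags.get("DisabledByDefault") == 1:
        return "disabled by default"
    return "enabled" if flags.get("Enabled") else "os default"

if __name__ == "__main__":
    parsed = parse_schannel(SAMPLE_REG)
    for proto in ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2"):
        print(f"{proto:8} Server: {state(parsed, proto)}")
```

A result of "os default" means the registry does not decide the matter, so the protocol's availability depends on the Windows version, which is the version dependence the answer describes.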
2

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols and they are basically similar. They encrypt data and support authentication between applications and servers.

Initially there was SSL. Then came a rename which is TLS. The term "SSL" is still used to reference versions 2/3 of the protocol, coining the "SSL/TLS" term you may have seen around. So, SSL became something else and the point of development which represents it is deemed insecure.

Laymen sometimes still refer to it as SSL and reference TLS as a version. So to avoid confusing yourself, here's an analogy: SSL is akin to a steam engine train, TLS is our modern train.

It's pretty lengthy to post the differences here. I'll redirect you to this site so you can get a clear and in-depth analysis.

SSL and TLS differences from Serverfault

As for enabling TLS on your SQL Server, this is a great guide from Microsoft regarding support for TLS 1.2 on various SQL versions, and there is a YouTube video (at the bottom) in the link which you can view.

Lester T.