How to test TLS 1.3 with SQL Server 2022 with TDS 8.0 and TLS 1.3 enabled.

Basamma Nagonde 6 Reputation points
2022-12-06T11:06:36.363+00:00

Hi,

I am struggling to test the TLS 1.3 with SQL server 2022. As the msdn document mention its now available for use.

We cannot start SQL server if TLS1.2 is disabled..
I have both 1.2 and 1.3 enabled with TDS 8.0 in place for sql server - Added host certificate for it also.
When I try to connect to sql server using SSMS I get below error in event viewer -

The SQL Server or the endpoint is configured to accept only strict (TDS 8.0 and above) connections. The connection has been closed.

Also, I can test the connection is working or not using OLE DB driver's provided by MS from below link -
https://learn.microsoft.com/en-us/sql/relational-databases/security/networking/connect-with-strict-encryption?view=sql-server-ver16

While connecting to SSMS with TLS 1.2 disabled - I get below error -

Earlier I have created the case :https://learn.microsoft.com/en-us/answers/questions/1097203/how-to-test-tls-13-is-enabled-and-sql-is-using-it.html?childToView=1117944#comment-1117944t.html

SQL Server | Other
{count} vote

6 answers

Sort by: Most helpful
  1. Seeya Xi-MSFT 16,586 Reputation points
    2022-12-07T02:59:48.517+00:00

    Hi @Basamma Nagonde ,

    Please try to use the same account to reply.
    In addition to the methods you know from the previous post, you can also see directly through the registry what protocols are enabled.
    Locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
    267960-image.png

    Finally, please refer to this document: TDS 8.0 and TLS 1.3 support
    To leverage TDS 8.0, SQL Server 2022 (16.x) added strict as an additional connection encryption type to SQL Server drivers (Encrypt=strict). Download the latest version of the ODBC or OLE DB drivers to use the strict connection encryption type.
    From here, you can see the current version.
    268004-image.png

    Best regards,
    Seeya


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

  2. Dan Guzman 9,406 Reputation points
    2022-12-06T11:44:16.227+00:00

    SSMS uses the .NET System.Data.SqlClient API, which has not been updated for TDS 8.0 support as of this writing. You'll need to connect using an application that uses .NET Microsoft.Data.SqlClient 5.0 or the latest ODBC/OLE DB drivers (as you already have done successfully).

    I expect tooling will be enhanced to better support TDS 8.0 at some point but I have not heard a timeframe.

    0 comments No comments

  3. Basamma Nagonde 1 Reputation point
    2022-12-06T12:40:28.31+00:00

    Thanks, how can I test TLS 1.3 security for sql server. I want to verify can we see is SQL using TLS 1.3 or different protocol.
    I know we have made all the required setting, but any way we can test?

    0 comments No comments

  4. Erland Sommarskog 121.8K Reputation points MVP Volunteer Moderator
    2022-12-06T22:36:17.797+00:00

    Have you tested with SSMS 19 Preview 3? I believe that SSMS 19 uses the newer Microsoft.Data.SqlClient API, you may have better luck there.


  5. Basamma Nagonde 6 Reputation points
    2022-12-07T05:25:01.083+00:00

    I have all the latest versions on my machine, Windows 2022, SQL 2022, SSMS 19.3.
    I dont see Strict connection type is SSMS to specify. Looks like still this is not available for use.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.