How to Test tls 1.3 is enabled and SQL is using it using query

Basamma Nagonde 6 Reputation points
2022-11-21T04:57:24.687+00:00

262340-tls-settings.png

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,343 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. PandaPan-MSFT 1,911 Reputation points
    2022-11-22T03:05:36.573+00:00

    Hi @Basamma Nagonde ,
    I found the way to find TLS version in SSMS
    you can check the following two links:
    https://www.sqltreeo.com/docs/find-out-which-tls-version-is-used-for-sql-server-connections
    https://www.dbi-services.com/blog/how-to-find-the-tls-used-for-the-sql-server-connection/
    I tested the first link and it worked fine to me
    262857-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

    1 person found this answer helpful.

  2. PandaPan-MSFT 1,911 Reputation points
    2022-11-21T07:25:10.237+00:00

    Hi @Basamma Nagonde ,
    I think the tls 1.3 is enabled by default like your picture shows. And if you really wanna know if it is worked you can try disabling your TLS1.1 TLS 1.2 and see if you can still connect the SQL.
    You can change the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client\Enabled
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server\Enabled

    into

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client\DisabledByDefault
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server\DisabledByDefault

    Wish you good luck !


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

    0 comments No comments

  3. PandaPan-MSFT 1,911 Reputation points
    2022-11-24T02:45:03.04+00:00

    Hi @Basamma Nagonde ,
    I think the problem you met is you are using 2019 and like dan's posting you need to change sqlsni.trace into sqlsni.sni_trace
    I will post the new codes and you can check the result directly:

     CREATE EVENT SESSION [tls3] ON SERVER  
     ADD EVENT sqlsni.sni_trace(  
     WHERE (([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.0%'))  
     OR ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.1%'))  
     OR ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.2%'))  
     OR ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.3%'))  
     ))  
     ALTER EVENT SESSION [tls3] ON SERVER  
     ADD TARGET package0.ring_buffer(SET max_events_limit=(100000),max_memory=(10240))  
     WITH (MAX_MEMORY=10240 KB,STARTUP_STATE=ON)  
     GO  
     ALTER EVENT SESSION tls3 ON SERVER STATE = START;  
    

    263705-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

    0 comments No comments

  4. Basamma Nagonde 6 Reputation points
    2022-11-24T04:30:36.373+00:00

    Hi @PandaPan-MSFT - I have the same event created in my machine and my machine is Windows 22 + SQL Server 2022:
    And still I dont see any events.

    But in your post I see TLS1.2 protocol is displaying instead of TLS 1.3, can you please help me understand.

    263687-image.png

    0 comments No comments

  5. PandaPan-MSFT 1,911 Reputation points
    2022-11-24T05:34:57.987+00:00

    Hi @Basamma Nagonde ,

    But in your post I see TLS1.2 protocol is displaying instead of TLS 1.3

    I didn't install TLS 1.3 so the result can only be seen as TLS 1.2

    You can select watch live data
    263728-image.png
    And you will see the following information. You will need waiting for a while to let the trace connect your server.
    263763-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"