How to Test tls 1.3 is enabled and SQL is using it using query

Question

How to Test tls 1.3 is enabled and SQL is using it using query

Basamma Nagonde 6

5 answers

Your answer

Answer 1

PandaPan-MSFT 1,931

Hi @Basamma Nagonde ,
I found the way to find TLS version in SSMS
you can check the following two links:
https://www.sqltreeo.com/docs/find-out-which-tls-version-is-used-for-sql-server-connections
https://www.dbi-services.com/blog/how-to-find-the-tls-used-for-the-sql-server-connection/
I tested the first link and it worked fine to me

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

Basamma Nagonde 6 Reputation points

2022-11-22T10:52:55.233+00:00

Thank you @PandaPan-MSFT . I will try these solutions.
Dan Guzman 9,401 Reputation points

2022-11-22T12:07:45.623+00:00

@Basamma Nagonde , note the event name is sqlsni.sni_trace (instead of sqlsni.trace) in SQL Server 2019 CU8 and later.
Basamma Nagonde 6 Reputation points

2022-11-23T16:28:59.7+00:00

@PandaPan-MSFT
I have disabled TLS 1.1 and 1.2 . Now in machine only TLS 1.3 is enabled, but I am not getting any events when I view the Live data.
Is there a way to see data by doing some activities.

Answer 2

Hi @Basamma Nagonde ,
I think the tls 1.3 is enabled by default like your picture shows. And if you really wanna know if it is worked you can try disabling your TLS1.1 TLS 1.2 and see if you can still connect the SQL.
You can change the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server\Enabled

into

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client\DisabledByDefault
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server\DisabledByDefault

Wish you good luck !

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

Answer 3

Hi @Basamma Nagonde ,
I think the problem you met is you are using 2019 and like dan's posting you need to change sqlsni.trace into sqlsni.sni_trace
I will post the new codes and you can check the result directly:

 CREATE EVENT SESSION [tls3] ON SERVER  
 ADD EVENT sqlsni.sni_trace(  
 WHERE (([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.0%'))  
 OR ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.1%'))  
 OR ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.2%'))  
 OR ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%TLS1.3%'))  
 ))  
 ALTER EVENT SESSION [tls3] ON SERVER  
 ADD TARGET package0.ring_buffer(SET max_events_limit=(100000),max_memory=(10240))  
 WITH (MAX_MEMORY=10240 KB,STARTUP_STATE=ON)  
 GO  
 ALTER EVENT SESSION tls3 ON SERVER STATE = START;

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

Answer 4

Basamma Nagonde 6

Hi @PandaPan-MSFT - I have the same event created in my machine and my machine is Windows 22 + SQL Server 2022:
And still I dont see any events.

But in your post I see TLS1.2 protocol is displaying instead of TLS 1.3, can you please help me understand.

Answer 5

PandaPan-MSFT 1,931

Hi @Basamma Nagonde ,

But in your post I see TLS1.2 protocol is displaying instead of TLS 1.3

I didn't install TLS 1.3 so the result can only be seen as TLS 1.2

You can select watch live data

And you will see the following information. You will need waiting for a while to let the trace connect your server.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment"

PandaPan-MSFT 1,931 Reputation points

2022-11-25T01:50:01.027+00:00

Hi @Basamma Nagonde ,
Can this solution solve your problem ?
Basamma Nagonde 6 Reputation points

2022-12-05T09:58:02.663+00:00

Hi @PandaPan-MSFT - I waited for almost a day, dont see any events.
PandaPan-MSFT 1,931 Reputation points

2022-12-06T01:03:16.307+00:00

That's really weird....Could you send a picture of your window? :(
Basamma Nagonde 6 Reputation points

2022-12-06T08:50:10.96+00:00

Please find the below details- We cannot start SQL server if TLS1.2 is disabled..
I have both 1.2 and 1.3 enabled with TDS 8.0 in place for sql server - Added host certificate for it also.
When I try to connect to sql server using SSMS I get below error in event viewer -

The SQL Server or the endpoint is configured to accept only strict (TDS 8.0 and above) connections. The connection has been closed.

Also, I can test the connection is working or not using OLE DB driver's provided by MS from below link -
https://learn.microsoft.com/en-us/sql/relational-databases/security/networking/connect-with-strict-encryption?view=sql-server-ver16

While connecting to SSMS with TLS 1.2 disabled - I get below error -
PandaPan-MSFT 1,931 Reputation points

2022-12-06T08:58:04.8+00:00

Hi @Basamma Nagonde ,
Wow..... I recommend you to open a new case, which can solve your problem better. And other experts can see your case if you posted a new. This case is too old and it will be silenced in this forum. ( You can add the link of this case so that others can know your problem better) :)

Share via

How to Test tls 1.3 is enabled and SQL is using it using query

5 answers

Your answer