SSMS v18.3 "Trust Server certificate" option

Question

On one server , I have set ForcedEncryption to True. I have also attached server certificate to service account, with service account having read rights on certificate. Everything working as expected. When I query sys.dm_exec_connections, I see Encrypt = True.

I have multiple SSMS versions. Here is where, I need some advise.

1. With v18.3, I am able to connect to server without doing anything with "Trust Server Certificate".
2. with V 19.3.4, unless I select "Trust Server Certificate" I get error ( SSL Provider: 0. )
3. with V20.1, unless I select "trust server certificate", I get error. ( SSL provider: 0) .

Does this means v18.3 is less secure compared to v19 & v20? Should I get my users use newer version of SSMS ?

Answer 1

As the versions of changed, the underlying client libraries have also been being changed, and yes, they are becoming more secure by default.

With 20.1, the certificate related details have been moved to the front page of the connection dialog. You can see details explained here: https://techcommunity.microsoft.com/t5/sql-server-blog/upcoming-changes-for-sql-server-management-studio-ssms-part-1/ba-p/4059495

Answer 2

Hi，Mudit Gupta

V20.1：

When configured as

Equal to

V 19.3.4 or V18.3：

---

V20.1：

When configured as

Equal to

V 19.3.4 or V18.3：

The different versions mentioned all utilize TLS and SSL protocols for encrypted connections, and there are no differences. Therefore, there is no need to update SSMS to the latest version.

About Certificate Encryption you can refer to this article.