by SQL Protocols via SQL Protocols on 10/19/2009 9:48:00 PM
Secure connection to SQL Server can be enforced by different ways, e.g. forcing encryption by using “ForceEncryption” property under the Network Configuration in the server. But this setting will force all clients to use encryption and any client that is not able to use an encrypted connection will fail.
If you need to connect to SQL Server selectively here is how to achieve this:
You can take advantage of the two client settings, “Force Protocol Encryption” and “Trust Server Certificate” and two connection string parameters, “Encrypt” and “Trust Server Certificate”. The table below describes different combinations of these flags and the corresponding behavior.
Force Protocol Encryption client setting
Trust Server Certificate client setting
Connection string/connection attribute Encrypt/Use Encryption for Data
Connection string/connection attribute Trust Server Certificate
Result
1.
No
N/A
No (default)
Ignored
No encryption occurs.
2.
Yes
Encryption occurs only if there is a verifiable server certificate, otherwise the connection attempt fails.
3.
Encryption always occurs; certificate is not validated by the client.
4.
5.
Encryption always occurs, but certificate is not validated by the client.
6.
7.
If you are not using a server certificate you can go for #5, though #4 with Server certificate is recommended to prevent Man-In-Middle type network attacks. Alternatively you can also use connection string parameters, depending on whether you are using verifiable Server Certificate or self signed server certificate chose #2 or #3. The last two options use both client settings and connection string parameters.
The above connection string values are for OLEDB, for ODBC the connection string values are “true”/”false” instead of “yes”/”no”. For more info please refer to http://msdn.microsoft.com/en-us/library/ms130822%28SQL.90%29.aspx
If you still get error messages like “SSL Security error” and you are using a verifiable server certificate you need to follow the link below to export the server certificate and import it back in the client.
http://support.microsoft.com/kb/316898 (follow the steps for "Enable encryption for a specific client")
Bhaskar Bhattacharyya, SQL Server ProtocolsDisclaimer: This posting is provided "AS IS" with no warranties, and confers no rights
Original Post: Selectively using secure connection to SQL Server
The content of the postings is owned by the respective author. SQL Feeds is not responsible for the contents of the postings. This site is automatically generated and cannot be reviewed for abusive content. If you find abusive content on SQL Feeds, please contact us. Designated trademarks and brands are the property of their respective owners. All rights reserved.
