Am I using TLS 1.2

  • Folks, I know there are so many blog posts about this subject and I have read most of them.  I still have one question about TLS 1.2.

    Server = Windows Server 2019

    SQL Version = 2019 CU16

    Force Encryption = Yes (using a CA Certificate)

    I found the SSC artical [SQL Server on TLS 1.2: XEvent session to catch TLS in use] to identify the protocal being used for encryption and when I check my servers it is showing TLS 1.2

    The problem that I am having is that I am not seeing the TLS settings in the registry.

    Question: Am I OK to tell the Security group that we are communicating with TLS 1.2.

    Any help is appreciated.

     

    • This topic was modified 1 month, 4 weeks ago by  jayoub.

    Jeff

  • Thanks for posting your issue and hopefully someone will answer soon.

    This is an automated bump to increase visibility of your question.

  • Folks, I did find the below website that talks about TLS settings.  From what the site is saying it might be enabled by default and you can use the registy key and set them to enabled or you can use the registry key if you want to disable TLS.

    https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

    At the bottom there is a section called "TLS, DTLS, and SSL protocol version settings"

    Any feedback is appreciated.

    Jeff

  • I spoke to a Server Administrator and he mentioned that Yes TLS is enabled by default on Windows Server 2019 and that all three versions are enabled 1.0, 1.1, 1.2.  He said that we use the registry settings to disable the older less secure versions.

    I used the extended event and was able to see that connections were using TLS 1.2.  The extended event information is here

    https://www.sqltact.com/2018/01/sql-server-on-tls-12-xevent-session-to.html

    Unless someone has additional informaton I can safely say we are using TLS 1.2

    Jeff

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply