Force Encryption ON

  • Hi, I've recently been experimenting with encrypting connections to a SQL Server (2008 R2) installation. I've not gone as far as creating SSL certificates and provisioning them on the server; I've simply made changes in the Config Manager to set FORCE ENCRYPTION and TRUST SERVER CERTIFICATE both to ON (or yes).

    The question I have is: to what level does this encrypt data coming out of the server? I compared packets (using Wireshark) before and after, and they do "look" like the data has been encrypted, but I wanted to hear from other people who know a lot more on the subject.

    Thanks in advance

    Nick

  • SSL 40 or 128-bit depending on the capabilities of your OS.

    http://msdn.microsoft.com/en-us/library/ms189067.aspx

    CEWII

  • Thanks.

    So essentially what this means is that (if my understanding is correct) by not provisioning a certificate and just setting FORCE ENCRYPTION ON - that we're using a self-signed certificate that "does" encrypt data to and from the SQL box, but is open to "man in the middle" attacks?

  • Yes, that is accurate. Depending on your network this may be a non-issue but it is good to understand the limitations.

    CEWII

  • I'd agree with Elliot. Using a self-signed certificate doesn't necessarily give you a hierarchy of trust for clients, but it may not be an issue.
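
Added example, not part of the thread: rather than judging encryption from a packet capture, the server can report it per connection. This query uses the `sys.dm_exec_connections` and `sys.dm_exec_sessions` views (available on SQL Server 2008 R2, requires VIEW SERVER STATE) to summarise which clients are connected with and without encryption.

```sql
-- Added example: summarise current user connections by client and show
-- how many of them the server reports as encrypted.
-- encrypt_option is 'TRUE' or 'FALSE' for each connection.
SELECT
    s.host_name,
    s.program_name,
    s.login_name,
    c.net_transport,          -- e.g. TCP, Named pipe, Shared memory
    c.auth_scheme,            -- e.g. SQL, NTLM, KERBEROS
    COUNT(*) AS connections,
    SUM(CASE WHEN c.encrypt_option = 'TRUE' THEN 1 ELSE 0 END) AS encrypted,
    SUM(CASE WHEN c.encrypt_option = 'TRUE' THEN 0 ELSE 1 END) AS unencrypted
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1   -- ignore system sessions
GROUP BY
    s.host_name,
    s.program_name,
    s.login_name,
    c.net_transport,
    c.auth_scheme
ORDER BY unencrypted DESC, connections DESC;
```

The view only shows that the channel is encrypted. It does not show whether the client validated the server certificate, so connections that trust a self-signed certificate look the same here as ones that verified a provisioned certificate.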
