Difference between TLS and Encrypt in transit.

  • Question

  • Can someone explain to me what the difference is between enabling TLS 1.2 and enabling encryption in transit? I would think if a user is using TLS 1.2 then the connection is encrypted. I know I'm missing something.
    Thursday, August 1, 2019 11:51 PM

All replies

  • Good day,

    TLS can be used for Encrypt in transit. I am not sure I get what is the exact question.

    Check if the following blog (check the table at the end) explains what you need:
    https://blogs.msdn.microsoft.com/sanket/2018/11/20/how-to-encrypt-sql-communication-on-the-wire/

    Check this link on how to enable TLS 1.2:
    https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server


    Ronen Ariely

    Sunday, August 4, 2019 12:13 AM
  • Hi edycus,

     

    The connection encryption of SQL Server is divided into two parts: one is the encryption when establishing the connection, and the other is the encryption when the data is transmitted.

    In any case, the encryption when establishing a connection is mandatory encryption. The data transfer between the client and SQL Server is not encrypted by default. As mentioned by pituach, TLS can be used for Encrypt in transit too.

    You need to manually configure SSCM to enable encryption when SQL Server and the client transfer data:

    For more details, please refer to http://dba-datascience.com/ssl-or-tls-encryption-on-sql-server/

    Best regards,

    Dedmon Dai



    • Marked as answer by edycus Tuesday, August 6, 2019 9:11 PM
    Monday, August 5, 2019 6:14 AM
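One way to see which of the two cases described in the reply above applies to live connections, as an added example that is not part of the original thread: the `encrypt_option` column of `sys.dm_exec_connections` reports whether a connection's traffic is encrypted. The queries assume the caller has `VIEW SERVER STATE` permission; the column aliases are chosen for this example.

```sql
-- Added example, not from the thread.
-- Per-connection view: who is connected, over which transport,
-- and whether the data transfer on that connection is encrypted.
SELECT
    c.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    c.client_net_address,
    c.net_transport,      -- e.g. TCP, Shared memory, Named pipe
    c.auth_scheme,
    c.encrypt_option,     -- 'TRUE' = traffic encrypted, 'FALSE' = not encrypted
    c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
ORDER BY c.encrypt_option, s.login_name;

-- Summary: remote clients that still have unencrypted connections.
-- Only TCP is counted here so that local shared-memory sessions
-- do not show up as findings.
SELECT
    s.program_name,
    c.client_net_address,
    SUM(CASE WHEN c.encrypt_option = 'TRUE'  THEN 1 ELSE 0 END) AS encrypted_connections,
    SUM(CASE WHEN c.encrypt_option = 'FALSE' THEN 1 ELSE 0 END) AS unencrypted_connections
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
  AND c.net_transport = 'TCP'
GROUP BY s.program_name, c.client_net_address
HAVING SUM(CASE WHEN c.encrypt_option = 'FALSE' THEN 1 ELSE 0 END) > 0
ORDER BY unencrypted_connections DESC;
```

Run it once before and once after changing the encryption setting and reconnecting the clients; an empty result from the second query means no remote TCP client is connected without encryption.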
  • Thanks, both of you had a part in answering this. TLS by default encrypts the initial connection with user authorization, then goes into data transfer mode that is not encrypted without turning on "Encrypt in transit" through Configuration Manager or another command line tool. Thanks to you both.

    I keep reading that TLS encrypts your connection. I thought, wait, what does Encrypt in transit do if TLS is already encrypting it? The answer is it doesn't encrypt the whole connection, only the authentication and authorization part.


    • Edited by edycus Tuesday, August 6, 2019 9:17 PM
    Tuesday, August 6, 2019 9:15 PM
  • You are most welcome

    I am glad to hear that you found "the whole" you need in the combination of the responses😃

    Here are some points for closing the thread and saying thanks, just as a start-up in the community :-)
    +5


    Ronen Ariely

    Tuesday, August 6, 2019 10:06 PM