21 June,2022 by Tom Collins
TLS | SSL |
Transparent Layer Security (TLS) | Secure Sockets Layer (SSL) |
versions: SSL (1.0, 2.0, 3.0) | versions:TLS (1.0,1.1,1.2,1.3) |
Vulnerabilities discovered in all versions | Vulnerabilities in 1.0& 1.1 |
Founder: Internet Egineering Taskforce 1999 | Founder: Taher Elgamal (Netscape) 1995 |
-In documentation\forums\web sites - TLS & SSL are used interchangeably , confusing the issue. TLS should be the priority over SSL given the deprecation status and vulnerabilities.MS SQL supports TL2 1.2 as standard. Microsoft recommends you use TLS 1.2
-TLS 1.0 & 1.1 now deprecated
-SSL 2.0 & SSL 3.0 were deprecated in 2011 & 2015. Vulnerabilites continue to be discovered - Heartbleed , POODLE
-Certificates are not dependant on protocols
-The certificate facilitates the handshake between the server & client. At the handshake phase - the protocol version is established , as well as the shared secret & that is the key determinant in the encryption strength.
Read more on SSL,TLS & SQL Server
How to generate a self signed certificate for SQL Server with New-SelfSignedCertificate
How to check SSL encryption is enabled on SQL Server with Powershell
How to check a SQL Server connection is encrypted with SSL
TLS , SQL Server and powershell cmdlet - Get-TLSCipherSuite
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |