28 June, 2022 by Tom Collins
Question: In a recent meeting I heard the term mTLS. What does this mean, and what is the difference between Transport Layer Security (TLS) and Mutual Transport Layer Security (mTLS)?
Answer: Mutual Transport Layer Security (mTLS) establishes an encrypted TLS connection in which both parties use X.509 digital certificates to authenticate and verify each other. One of the main benefits is to deter or prevent a malicious third party from impersonating a genuine application: a rogue client cannot reach the service merely by knowing its address, and a rogue server cannot pose as the real one, because each side must present a certificate issued by a certificate authority (CA) the other side trusts.
mTLS is not a stronger form of encryption. The cipher suite and the protection of the data in transit are the same as for ordinary TLS; what mTLS adds is mutual authentication, i.e. the client authenticates the server's identity and the server authenticates the client's identity. In a standard TLS connection only the first happens, and the client is identified later, if at all, at the application layer (a login, an API key, a SQL Server login).
Each side gains that assurance by validating the peer's certificate chain against the CAs it trusts (checking validity dates and, where configured, revocation) and by the peer proving possession of the private key that matches its certificate during the handshake; the client does this by signing a CertificateVerify message. Validating the certificate establishes identity; deciding what that identity may do is still a separate authorization step on the server. The mTLS pattern is commonly used in zero-trust environments and for service-to-service traffic, where the client is a workload rather than a person.
To illustrate the difference between TLS and mTLS:
TLS summary
Step 1: Client initiates a connection to the server
Step 2: The server presents its TLS certificate
Step 3: Client validates the server's certificate (chain to a trusted CA, validity dates, name match)
Step 4: Server and client send and receive data over the encrypted TLS connection; the client is still anonymous to the server at this point and is identified, if at all, by the application
mTLS summary
Step 1: Client initiates a connection to the server
Step 2: The server presents its TLS certificate and requests a certificate from the client
Step 3: Client validates the server's certificate
Step 4: Client presents its TLS certificate and proves possession of the matching private key
Step 5: Server validates the client's certificate against the CAs it trusts for client authentication
Step 6: Server grants access: the certificate identity is now established and can drive authorization
Step 7: Server and client send and receive data over the encrypted TLS connection
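The two exchanges above, run end to end as an added example that is not from the original post: Go's standard library only, with a throwaway CA, a server certificate and a client certificate generated in memory, plus a look-alike client certificate (same common name) issued by a second CA the server does not trust. The server's `ClientAuth` setting is the only difference between the TLS run and the mTLS run. All names (Example Root CA, server.example, client.example) and the helper functions are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue makes a P-256 key and a certificate for cn: a self-signed CA if isCA, else a leaf signed by parent.
func issue(cn string, isCA bool, eku x509.ExtKeyUsage, parent *x509.Certificate, parentKey crypto.PrivateKey) (*x509.Certificate, tls.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tmpl, key
	} else { // leaf: serverAuth or clientAuth, plus the DNS SAN the peer will check
		tmpl.ExtKeyUsage, tmpl.DNSNames = []x509.ExtKeyUsage{eku}, []string{cn}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err) // demo code: fail loudly
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: cert}
}

// PKI: a trusted root with a server leaf and a client leaf, plus a look-alike client leaf (same CN) from an untrusted CA.
type PKI struct {
	Roots                       *x509.CertPool
	Server, Client, RogueClient tls.Certificate
}

func BuildPKI() *PKI {
	ca, caID := issue("Example Root CA", true, 0, nil, nil)
	rogueCA, rogueID := issue("Rogue CA", true, 0, nil, nil)
	p := &PKI{Roots: x509.NewCertPool()}
	p.Roots.AddCert(ca) // the only issuer the server and the client trust
	_, p.Server = issue("server.example", false, x509.ExtKeyUsageServerAuth, ca, caID.PrivateKey)
	_, p.Client = issue("client.example", false, x509.ExtKeyUsageClientAuth, ca, caID.PrivateKey)
	_, p.RogueClient = issue("client.example", false, x509.ExtKeyUsageClientAuth, rogueCA, rogueID.PrivateKey)
	return p
}

// Connect runs one handshake over loopback TCP. auth is the server's policy (tls.NoClientCert = plain TLS,
// tls.RequireAndVerifyClientCert = mTLS against Roots); certs is what the client presents if asked (step 4).
// It returns the client identity (subject CN) the server authenticated, or the error that ended the connection.
func Connect(p *PKI, auth tls.ClientAuthType, certs []tls.Certificate) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	done := make(chan string, 1) // CN the server authenticated; "" if none, or if it refused the client
	go func() {
		peer := ""
		if raw, err := ln.Accept(); err == nil {
			defer raw.Close()
			srvCfg := &tls.Config{Certificates: []tls.Certificate{p.Server}, ClientAuth: auth, ClientCAs: p.Roots}
			if s := tls.Server(raw, srvCfg); s.Handshake() == nil { // fails on a missing or untrusted client cert
				if pc := s.ConnectionState().PeerCertificates; len(pc) > 0 {
					peer = pc[0].Subject.CommonName
				}
				s.Write([]byte("ok")) // steps 6-7: access granted, first application data
			}
		}
		done <- peer
	}()
	cliCfg := &tls.Config{RootCAs: p.Roots, ServerName: "server.example", Certificates: certs}
	c, err := tls.Dial("tcp", ln.Addr().String(), cliCfg) // runs the client side of the handshake
	if err != nil {
		return "", err
	}
	defer c.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second))
	// Under TLS 1.3 the client finishes its handshake before the server has judged its certificate,
	// so a server-side rejection surfaces as an alert on the first Read rather than from Dial.
	if _, err := c.Read(make([]byte, 2)); err != nil {
		return "", err
	}
	return <-done, nil
}

func main() {
	pki := BuildPKI()
	for name, certs := range map[string][]tls.Certificate{"none": nil, "trusted": {pki.Client}, "rogue": {pki.RogueClient}} {
		for _, auth := range []tls.ClientAuthType{tls.NoClientCert, tls.RequireAndVerifyClientCert} {
			peer, err := Connect(pki, auth, certs)
			fmt.Printf("ClientAuth=%v client cert=%-7s -> peer=%q err=%v\n", auth, name, peer, err)
		}
	}
}
```

Running it prints six lines. With `tls.NoClientCert` every client gets in and the server learns no identity (`peer=""`), whatever certificate the client holds, because the server never asks. With `tls.RequireAndVerifyClientCert` a client with no certificate is refused, a client whose certificate chains to the trusted root is authenticated as `client.example`, and the look-alike certificate with the same common name is refused because it chains to a CA that is not in `ClientCAs`. Note that in a real deployment `ClientCAs` should hold only the CA you issue client certificates from, never a public root bundle, and that the CN or SAN returned here still has to be mapped to an authorization decision by the application.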
Read more on Encrypted Connections for SQL Server
TLS vs SSL: which should you use
TLS, SQL Server and the PowerShell cmdlet Get-TLSCipherSuite
Connection failed - SQL Server Error 772 - TCP/IP Socket
How to generate a self-signed certificate for SQL Server with New-SelfSignedCertificate
How to check SSL encryption is enabled on SQL Server with PowerShell