MSSQL SSL/TLS
Check
To report encrypted/unencrypted sessions...
SELECT session_id,
connect_time,
Net_transport,
protocol_type,
encrypt_option,
auth_scheme,
client_net_address
FROM sys.dm_exec_connections
Extended Events
You can configure an Extended Event Session to report on connections and show which SSL/TLS protocol they are using...
The method below works in:
SQL2016 SP1+
SQL2014 SP3+
SQL2012 SP4+
Create Event
CREATE EVENT SESSION [tls] ON SERVER
ADD EVENT sqlsni.trace(
WHERE (([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%'))))
Set Event Target
ALTER EVENT SESSION [tls] ON SERVER
ADD TARGET package0.ring_buffer(SET max_events_limit=(100000),max_memory=(10240))
WITH (MAX_MEMORY=10240 KB,STARTUP_STATE=ON)
GO
Start Event Monitoring
ALTER EVENT SESSION [tls] ON SERVER STATE = START;
Stop Event Monitoring
ALTER EVENT SESSION [tls] ON SERVER STATE = STOP;
TLS 1.2 Compatibility
Your connections will not be able to use TLS 1.2 unless it is enabled in your build.
For Windows 7 SP1, and Windows 2008 R2 SP1, you may also need an updated version of .Net 3.5.1 For Windows 8 RTM and Windows 2012 RTM, you may also need an updated version of .Net 3.5For Windows 8.1, and Windows 2012 R2 SP1, you may also need an updated version of .Net 3.5 SP1 (see links in KB3135244 docs)The following SQL Server builds, and later, support TLS 1.2...
SQL2016+
SQL2019 - Any build
SQL2017 - Any build
SQL2016 - Any build
SQL2014
For SQL2014 and earlier, you may also need an updated version of the Native Client(see links in KB3135244 docs)SQL2014 SP3 - Any Build
SQL2014 SP2 - Any Build
SQL2014 SP1 - CU5 - 12.0.4439.1+
SQL2014 RTM - CU12 - 12.0.2564.0+
SQL2012
For SQL2014 and earlier, you may also need an updated version of the Native Client(see links in KB3135244 docs)SQL2012 SP3 - CU1 - 11.0.6518.0+
SQL2012 SP2 - CU10 - 11.0.5644.2+
SQL2008R2
SQL2008R2 is no longer supported by Microsoft.For SQL2014 and earlier, you may also need an updated version of the Native Client(see links in KB3135244 docs)For TLS1.2 support you need to be on one of the following builds or later...
10.50.6542.0+ (x86/x64)
10.50.4047.0+ (IA64)
10.50.4344.0+ (IA64)
SQL2008
SQL2008 is no longer supported by Microsoft.For SQL2014 and earlier, you may also need an updated version of the Native Client(see links in KB3135244 docs)For TLS1.2 support you need to be on one of the following builds or later...
10.0.6547.0+ (x86/x64)
10.0.5545.0+ (IA64)
10.0.5896.0+ (IA64)
SELECT SERVERPROPERTY('productversion')
Bibliography
https://support.microsoft.com/en-us/help/3135244/kb3135244-tls-1-2-support-for-microsoft-sql-server https://docs.microsoft.com/en-gb/archive/blogs/sqlman/verifying-if-a-connection-to-sql-server-is-encryptedhttps://www.sqltact.com/2018/01/sql-server-on-tls-12-checklist-to.htmlhttps://www.sqltact.com/2018/01/sql-server-on-tls-12-xevent-session-to.htmlhttps://social.msdn.microsoft.com/Forums/office/en-US/a8fbb819-02c0-4b42-b593-0282605732f1/how-to-confirm-sql-connection-is-using-tls-12?forum=sqlsecurity https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings https://security.stackexchange.com/questions/142939/determine-ssl-tls-version-using-wireshark