In a live system, we are making multiple connections to various MSSQL servers using the SqlConnection object in C#.
As a client is in the process of updating their SQL servers to TLS 1.2, I would like to know if there is a way to determine which implementation of TLS is in use on an active connection.
I would like to achieve this entirely in C# if possible, but can use alternative languages so long as the end result is a self-contained application.
The purpose of this is to provide the client with a quick test tool which will help in ensuring that the software is working correctly with TLS 1.2 on an integration environment before the changes are made to the live system.
I have spent several hours looking into this, but am so far unable to find anything helpful. All the resources I have found are aimed at ASP developers, and do not go into detail on connecting directly to the SQL server in a desktop application.
The application is using .NET 4.5, so TLS 1.2 should be available.
Many thanks
Enter the URL you wish to check in the browser. Right-click the page or select the Page drop-down menu, and select Properties. In the new window, look for the Connection section. This will describe the version of TLS or SSL used.
In the Windows menu search box, type Internet options. Under Best match, click Internet Options. In the Internet Properties window, on the Advanced tab, scroll down to the Security section. Check the Use TLS 1.2 checkbox.
How to check if TLS 1.2 is enabled? If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.
Understanding the relationship between ODBC and TLS: This communication needs to be encrypted for security reasons. The ODBC driver will use TLS to do the encryption. The latest version of TLS is 1.2.
For the benefit of anybody who stumbles across this question looking for a solution to the same problem, the comment posted by Ed Harper is correct - I don't think there's a way to determine the TLS version in use by a connection from within SQL Server. You might have to resort to packet capture to determine the TLS version.
When using .NET 4.5 and above, TLS 1.2 is supported, and if a connection is established to a service which explicitly specifies TLS 1.2, the connection should work correctly.
As TLS applies to the transport OSI layer, packet capture is the correct way to confirm the TLS version, as described in the link also posted by Ed Harper - https://networkengineering.stackexchange.com/questions/20227/find-ssl-version-in-tcp-packets-in-established-tcp-connection
As our code is written for .NET 4.5, the switch to enforcing TLS 1.2 did not require any code changes.
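The packet-capture check described in the answer above comes down to reading the version field of the server's ServerHello. The following C# sketch is an added example, not code from the original post: the class and method names are hypothetical, the sample bytes are constructed, and it assumes the input is the raw TLS handshake record taken from the capture, with any framing the SQL Server protocol puts around the handshake already removed. It goes slightly beyond the TLS 1.2 case by also reading the `supported_versions` extension that TLS 1.3 uses.

```csharp
using System;
// Added example: reads the negotiated protocol version out of a captured
// TLS ServerHello record. Class and method names are hypothetical.
static class ServerHelloVersion
{
    static string Name(int v)
    {
        switch (v)
        {
            case 0x0300: return "SSL 3.0";
            case 0x0301: return "TLS 1.0";
            case 0x0302: return "TLS 1.1";
            case 0x0303: return "TLS 1.2";
            case 0x0304: return "TLS 1.3";
            default: return "unknown (0x" + v.ToString("X4") + ")";
        }
    }
    static int U16(byte[] b, int i) { return (b[i] << 8) | b[i + 1]; }
    public static string Parse(byte[] rec)
    {
        // Record header: type(1) version(2) length(2); handshake header: type(1) length(3)
        if (rec.Length < 44 || rec[0] != 0x16 || rec[5] != 0x02)
            throw new ArgumentException("not a TLS handshake record carrying a ServerHello");
        int end = Math.Min(rec.Length, 5 + U16(rec, 3));
        int version = U16(rec, 9);          // server_version (legacy_version in TLS 1.3)
        int p = 9 + 2 + 32;                 // skip version and 32-byte random
        p += 1 + rec[p] + 2 + 1;            // session_id, cipher_suite, compression_method
        if (p + 2 <= end)
        {
            int extEnd = Math.Min(end, p + 2 + U16(rec, p));
            p += 2;
            while (p + 4 <= extEnd)
            {
                int type = U16(rec, p), len = U16(rec, p + 2);
                // TLS 1.3 reports 0x0303 above and carries the real version in supported_versions (43)
                if (type == 0x002B && len == 2 && p + 6 <= extEnd) version = U16(rec, p + 4);
                p += 4 + len;
            }
        }
        return Name(version);
    }
    static void Main()
    {
        // Constructed sample: ServerHello selecting TLS 1.2, zero random, empty session id, no extensions
        byte[] sample = new byte[47];
        new byte[] { 0x16, 0x03, 0x03, 0x00, 0x2A, 0x02, 0x00, 0x00, 0x26, 0x03, 0x03 }.CopyTo(sample, 0);
        sample[44] = 0xC0; sample[45] = 0x2F;   // cipher suite bytes
        Console.WriteLine(Parse(sample));
    }
}
```

The version in the five-byte record header is not the negotiated version; only the ServerHello body (or its `supported_versions` extension) shows what the server actually selected.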