Determine TLS version from established SqlConnection

Question

In a live system, we are making multiple connections to various MSSQL servers using the SqlConnection object in C#.

As a client is in the process of updating their SQL servers to TLS 1.2, I would like to know if there is a way to determine which implementation of TLS is in use on an active connection.

I would like to achieve this entirely in C# if possible, but can use alternative languages so long as the end result is a self contained application.

The purpose of this is to provide the client with a quick test tool which will help in ensuring that the software is working correctly with TLS 1.2 on an integration environment before the changes are made to the live system.

I have spent several hours looking into this, but am so far unable to find anything helpful. All the resources I have found are aimed at ASP developers, and do not go into detail on connecting directly to the SQL server in a desktop application.

The application is using .NET 4.5, so TLS 1.2 should be available.

Many thanks

Answer 1

For the benefit of anybody who stumbles accross this question looking for a solution to the same problem, the comment posted by Ed Harper is correct - I don't think there's a way to determine the TLS version in use by a connection from within SQL Server. You might have to resort to packet capture to determine the TLS version.

When using .NET 4.5 and above, TLS 1.2 is supported, and if a connection is established to a service which explicitly specifies TLS 1.2, the connection should work correctly.

As TLS applies to the transport OSI layer, packet capture is the correct way to confirm the TLS version, as described in the link also posted by Ed Harper - https://networkengineering.stackexchange.com/questions/20227/find-ssl-version-in-tcp-packets-in-established-tcp-connection

As our code is written for .NET 4.5, the switch to enforcing TLS 1.2 did not require any code changes.