We have an application running MS SQL Server 2012. For one specific use case we'd like to SSL protect the JDBC connection. I've checked the following links:
- How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
- Connecting with SSL Encryption
- Enable Encrypted Connections to the Database Engine
There are 2 things I find puzzling:
- The SSL connection uses port 1433, as the plain text connection usually does. No additional port for secure connections (like 389 for plain LDAP and 636 for LDAPS)?
- The 3rd link says "To configure the server to accept encrypted connections" I need to set the "ForceEncryption" setting to TRUE.
Which brings me to my final question: Is it possible to use a secure and non-secure connection at the same time? Or do all JDBC clients have to use SSL once this is configured?
Many thanks
Kai
Best Answer
I suspect that this article will help you out:
The protocol still uses TCP port 1433, by default, irrespective of SSL being used. The client can request SSL and, if the server has a certificate installed, the server and client will negotiate SSL. The server can be configured to force SSL, which will cause clients that do not support SSL to have their connections terminated. It is not necessary to tell the server to force SSL to get encryption, so long as the client requests SSL.
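The following is an added example, not part of the original question or answer. It shows the answer's point from the JDBC side: two clients use the same port 1433, one requesting encryption and one not, and each asks the server whether its own session ended up encrypted. The host, database name and environment variable names are placeholders; it assumes the Microsoft JDBC driver on the classpath and a login with VIEW SERVER STATE permission.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class EncryptCheck {
    // Placeholder host and database (assumptions, not values from the post).
    static final String BASE =
        "jdbc:sqlserver://db.example.internal:1433;databaseName=AppDb;";

    // Client requests TLS and validates the server certificate against the
    // JVM trust store. Set explicitly: defaults differ between driver versions.
    static final String REQUEST_TLS =
        BASE + "encrypt=true;trustServerCertificate=false;";

    // Client does not request TLS; the server setting decides the outcome.
    static final String NO_REQUEST = BASE + "encrypt=false;";

    // Returns "TRUE" or "FALSE": the server's view of this session's transport.
    // Reading sys.dm_exec_connections needs VIEW SERVER STATE (assumed granted).
    static String encryptOption(String url, String user, String password)
            throws SQLException {
        String sql = "SELECT encrypt_option FROM sys.dm_exec_connections "
                   + "WHERE session_id = @@SPID";
        try (Connection c = DriverManager.getConnection(url, user, password);
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery(sql)) {
            if (!rs.next()) {
                throw new SQLException("no row for current session");
            }
            return rs.getString(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        // Hypothetical environment variable names for the credentials.
        String user = System.getenv("DB_USER");
        String password = System.getenv("DB_PASSWORD");

        System.out.println("encrypt=true  -> encrypt_option="
            + encryptOption(REQUEST_TLS, user, password));
        System.out.println("encrypt=false -> encrypt_option="
            + encryptOption(NO_REQUEST, user, password));
    }
}
```

Running the same query without the `@@SPID` filter lists every connection with its `encrypt_option`, which is a quick way to audit which clients are still connecting in plain text before changing the server setting.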