MS SQL Server configured for secure (SSL) connection allows non-secure connection from JDBC Client

Question

I need to connect to the MS SQL Server 2008 r2 using the secure communication. I have been able to do the same using the following connection string:

jdbc:sqlserver://<<db server name>>:1433;databaseName=<<db name>>;selectMethod=cursor;encrypt=true;trustServerCertificate=false;integratedSecurity=false;trustStore=<<path to my trust store>>;trustStorePassword=<<password>>

On the DB server I have used Configuration Manager to specify the certificate to be used and enable 'Forced Encryption' SQL Server Configuration Manager -> SQL Server Network Configuration -> Protocols for <> - Right Click -> Properties -> Force Encryption and Certificate

however, I am able to connect to the same DB without specifying 'encrypt=true' that is with the following URL:

jdbc:sqlserver://<<db server name>>:1433;databaseName=<<db name>>;selectMethod=cursor;

My confusion is that when SQL Server has been configured for secure connection, shouldn't it reject/ignore the non-encypted connection. Or do I need to do addtional configuration so the DB server accepts only secure connections

Thanks and Regards P Manchanda

Answer 1

No. As per documentation it will have a encrypted connnection.

Check http://social.msdn.microsoft.com/Forums/sqlserver/en-US/bde679d9-ff83-4fa7-b402-42e336a97106/force-encryption-on-sql-server-not-working

When the Force Encryption option for the Database Engine is set to YES, all communications between client and server is encrypted no matter whether the “Encrypt connection” option (such as from SSMS) is checked or not. You can check it using the following DMV statement.

Simple like that - your connection string setting is ignored.

This can be checked on the server via:

USE master
GO
SELECT encrypt_option FROM sys.dm_exec_connections
GO