8

we have an application running MS SQL Server 2012. For one specific use case we'd like to SSL protect the jdbc connection. I've checked the following links:

There are 2 things I find puzzling:

  1. The SSL connection uses port 1433, like usually the plain text connection does. No additional port for secure connections (like 389 for plain LDAP and 636 for LDAPS)?
  2. The 3rd link says "To configure the server to accept encrypted connections" I need to set the "ForceEncryption" setting to TRUE.

Which brings me to my final question: Is it possible to use a secure and non-secure connection at the same time? Or do all jdbc clients have to use SSL once this is configured?

Many thanks Kai

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
kaidentity
  • 183
  • 1
  • 1
  • 5
  • My reading of it is that once encryption is enabled, the client can request it or not. But I don't have experience with it, so I'll let someone who does actually answer the question. – Ben Thul Jun 23 '14 at 14:30

1 Answers1

8

I suspect that this article will help you out:

The protocol still uses TCP port 1433, by default, irrespective of SSL being used. The client can request SSL and, if the server has a certificate installed, the server and client will negotiate SSL. The server can be configured to force SSL, which will cause clients that do not support SSL to have their connections terminated. It is not necessary to tell the server to force SSL to get encryption, so long as the client requests SSL.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328