Finding which TLS version is in use for client connections

How can you tell what version of TLS is currently used for client connections? Simple question we’ve been asked as we prepare to ship the new OLE DB driver.

Starting with SQL Server 2016 SP1, and SQL Server 2012 SP4, the Trace xEvent (Debug channel) exposes the TLS/SSL protocol that's used by the client. If a TLS/SSL negotiation is completed successfully, information such as the TLS/SSL protocol, cipher, hash, and peer address is returned. If the negotiation fails, only the IP address of the client is returned.

image

You can also refer to KB 3191296 for information. Note this will also be available in a future SQL Server 2014 Service Pack.

For more information on configuring SQL Server to use TLS1.2, as well as a list of known issues, refer to KB 3135244.

Pedro Lopes (@sqlpto) – Senior Program Manager