The PASS Security virtual chapter hosted a great webinar on Thursday. Amit Banerjee from Microsoft’s SQL Server Tiger Team spoke about upgrading our SQL Server instances to use TLS 1.2, including many pitfalls that are frequently encountered.
We’re all familiar with SSL – we use it every day without even thinking about it. It’s the encryption protocol used to secure connections to many of the websites we use. SSL has actually become somewhat of a generic term to refer to the original SSL protocol (first released in 1995) and its successor, TLS (Transport Layer Security, first released in 1999). There were three major versions of SSL, all of which have now been deprecated due to security concerns. TLS has likewise seen three iterations – 1.0, 1.1, and 1.2. TLS 1.2 is the strongest, by far, and many companies are now requiring it be used.
Many DBAs don’t know that we can also encrypt the connections to SQL Server instances by using SSL/TLS. It’s quite easy to do and increasingly important, but it’s often overlooked. (That’s the subject of another post.) SQL Server has supported both protocols for some time, but TLS 1.2 was only added recently. It is natively supported in SQL Server 2016; support for the protocol can be added to SQL Server 2008-2014 using cumulative updates and hotfixes, depending on the version.
Amit did a fantastic job addressing how to roll out TLS 1.2 support – it’s not as easy as just applying the service pack, since you have to install support on many clients as well. The Tiger Team has seen a number of potential issues with it, and Amit went into detail about what those are and how to overcome them. If you weren’t able to attend the session live, I encourage you to check out the recording. The Security VC also has links to the slides and demos on their meeting archive page.