If your Microsoft SQL Server database server has been configured with an SSL certificate signed by a trusted CA, the server can be configured so that SSL encryption is either optional or required. When required, connections from clients that do support SSL encryption fail.
Although a signed trusted SSL certificate is recommended for the best degree of security, Microsoft SQL Server 2005 and higher can provide limited security protection even if an SSL certificate has not been configured on the server. If a trusted certificate is not installed, the server will use a self-signed certificate to encrypt the login request, but not the data.
The following table shows how the different EncryptionMethod property values behave with different Microsoft SQL Server configurations.
Table 67. EncryptionMethod Property and Microsoft SQL Server Configurations
Value
No SSL Certificate
SSL Certificate
SSL Optional
SSL Required
noEncryption
Login request and data are not encrypted.
Login request and data are not encrypted.
Connection attempt fails.
SSL
Connection attempt fails.
Login request and data are encrypted.
Login request and data are encrypted.
requestSSL
Login request and data are not encrypted.
Login request and data are encrypted.
Login request and data are encrypted.
loginSSL
Microsoft SQL Server 2005 and higher: Login request is encrypted, but data is not encrypted
Microsoft SQL Server 2000: Connection attempt fails.
Login request is encrypted, but data is not encrypted.