问题
We are testing a proof of concept of our apps.
We have a managed SQL Server instance on Azure that hosts our database. Before I go bug the Azure personnel we have on hand, I want to know if it is possible to force in-transit encryption? I want to make sure my connections from my various clients (apps, web site, services) are forced to encrypt. I am not talking about the encryption of tables and files but the connections themselves.
By googling, I found only this link (https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#tlsssl-encryption-in-azure) that tells me it is working but, can it be configured, or is it defaulted to encrypt?
On a regular SQL Server, I go easily on the machine itself, in the SQL Server configuration manager and right-click over Protocols for my instance, in SQL Server Network configuration, in the Flags tab I choose Force Encryption to Yes and then choose or not certificates, etc.
Can anyone help me figure this one out?
Thanks in advance!
user7379674
回答1:
The default is to encrypt all connections in transit via TLS as outlined at https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview#transport-layer-security-tls-encryption-in-transit
Unlike SQL Server ( where you can configure this by setting Force Protocol Encryption to OFF), this setting is on by default for SQL Database and is not use configurable.
The exception to this rule are some very old client ( e.g. jTDS) that can negotiate down (per TDS protocol) and connect unencrypted. Needless to say, we would advise you to use latest drivers & ensure that your app connects per the best practices outlined above.
来源:https://stackoverflow.com/questions/58084495/how-to-force-in-transit-encryption-on-sql-azure-like-on-regular-sql-server