Summary

An update is available that extends the Trace extended event in Microsoft SQL Server. Trace exposes the TLS/SSL protocol that's used by the client. If a TLS/SSL negotiation is completed successfully, information such as the TLS/SSL protocol, cipher, hash, and peer address is returned. If the negotiation fails, only the IP address of the client is returned.

Service packs are cumulative. Each new service pack contains all the fixes that are in previous service packs, together with any new fixes. Our recommendation is to apply the latest service pack and the latest cumulative update for that service pack. You do not have to install a previous service pack before you install the latest service pack. Use Table 1 in the following article to find more information about the latest service pack and latest cumulative update.

How to determine the version, edition and update level of SQL Server and its components

Each new build for SQL Server contains all the hotfixes and all the security fixes that were included with the previous build. We recommend that you install the latest build for your version of SQL Server:

Latest build for SQL Server 2016

Latest cumulative update for SQL Server 2014

After you apply this update, Trace is extended and is available in the Debug channel in the SNI Tracing Event.

Among the other messages, there will be a message that begins with “SNISecurity Handshake.” Then, there will be a "handshake failed" or "handshake succeeded" message that indicates failure or success.

In the case of a failure, the client and the server could not negotiate the handshake successfully because they shared no common protocols. Because no other information is available about the client yet (the handshake occurs before the logon happens), only the client's IP address is available.

If the handshake succeeded, information about the handshake protocol is available: the cipher, its strength, the hash used, the hash strength, and the client's IP address. Because the handshake was just completed, no information about the client is yet available except its IP address.

Note: This process does not apply to Microsoft SQL Server 2014 or Microsoft SQL Server 2012 because the Trace extended event is not implemented for the SNI layer in those versions. For SQL Server 2014 or 2012, you must use Built-In Diagnostics (BID) traces. For more information, see this Docs article.
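
On a version where the SNI Trace event is implemented, the handshake messages described above can be captured and reviewed with an Extended Events session. The following is an added example, not part of the original article; the session name and the file path are assumed placeholders, and the `text` field name and exact message wording should be confirmed against your own trace output.

```sql
-- Added example. Assumptions: session name and C:\Temp\ path are placeholders.
CREATE EVENT SESSION [tls_handshake_audit] ON SERVER
ADD EVENT sqlsni.trace (
    -- Keep only SNI trace messages that mention the handshake.
    WHERE ([sqlserver].[like_i_sql_unicode_string]([text], N'%Handshake%'))
)
ADD TARGET package0.event_file (
    SET filename = N'C:\Temp\tls_handshake_audit.xel'
)
WITH (MAX_DISPATCH_LATENCY = 30 SECONDS, STARTUP_STATE = OFF);
GO

ALTER EVENT SESSION [tls_handshake_audit] ON SERVER STATE = START;
GO

-- After clients have connected, read the captured messages back.
-- Failed handshakes carry only the client IP address; successful ones also
-- carry the protocol, cipher and hash details inside the message text.
WITH raw_events AS (
    SELECT CAST(event_data AS xml) AS x
    FROM sys.fn_xe_file_target_read_file(
        N'C:\Temp\tls_handshake_audit*.xel', NULL, NULL, NULL)
),
messages AS (
    SELECT
        x.value('(/event/@timestamp)[1]', 'datetime2(3)') AS event_time_utc,
        x.value('(/event/data[@name="text"]/value)[1]', 'nvarchar(max)') AS trace_text
    FROM raw_events
)
SELECT
    event_time_utc,
    -- LIKE follows the database collation; use a case-insensitive one.
    CASE
        WHEN trace_text LIKE N'%handshake failed%'    THEN 'failed'
        WHEN trace_text LIKE N'%handshake succeeded%' THEN 'succeeded'
        ELSE 'other'
    END AS outcome,
    trace_text
FROM messages
ORDER BY event_time_utc;
GO

-- Stop and drop the session once the review is complete.
ALTER EVENT SESSION [tls_handshake_audit] ON SERVER STATE = STOP;
DROP EVENT SESSION [tls_handshake_audit] ON SERVER;
```

Rows with outcome `failed` identify client IP addresses that share no common protocol with the server, which is useful to check before and after disabling older TLS/SSL versions.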

References

Learn about the terminology that Microsoft uses to describe software updates.
