An update is available that extends the Trace extended event in Microsoft SQL Server. Trace exposes the TLS/SSL protocol that's used by the client. If a TLS/SSL negotiation is completed successfully, information such as the TLS/SSL protocol, cipher, hash, and peer address is returned. If the negotiation fails, only the IP address of the client is returned.
Service packs are cumulative. Each new service pack contains all the fixes that are in previous service packs, together with any new fixes. Our recommendation is to apply the latest service pack and the latest cumulative update for that service pack. You do not have to install a previous service pack before you install the latest service pack. Use Table 1 in the following article for finding more information about the latest service pack and latest cumulative update.
After you apply this update, Trace is extended and is available in the Debug channel in the SNI Tracing Event.
Among the other messages, there will be a message that begins with “SNISecurity Handshake.” Then, there will be a "handshake failed" or "handshake succeeded" message that indicates failure or success.
In the case of a failure, the client and the server could not negotiate the handshake successfully because they shared no common protocols. Because no other information is available about the client yet (the handshake occurs before the logon happens), only the client's IP address is available.
If the handshake succeeded, information about the handshake protocol is available: the cipher, its strength, the hash used, the hash strength, and the client's IP address. Because the handshake was just completed, no information about the client is yet available except its IP address.
Note This process does not apply to Microsoft SQL Server 2014 or Microsoft SQL Server 2012 because the Trace extended event is not implemented for the SNI layer in that version. For SQL Server 2014 or 2012, you must use Built-In Diagnostics (BID) traces. For more information, see this Docs article.
Learn about the terminology that Microsoft uses to describe software updates.