Update extends the Trace extended event with security protocol handshake information in SQL Server

Applies to: SQL Server 2016 Developer, SQL Server 2016 Enterprise, SQL Server 2016 Enterprise Core

Summary


An update is available that extends the Trace extended event in Microsoft SQL Server. Trace exposes the TLS/SSL protocol that's used by the client. If a TLS/SSL negotiation is completed successfully, information such as the TLS/SSL protocol, cipher, hash, and peer address is returned. If the negotiation fails, only the IP address of the client is returned.

More Information


Service pack information for SQL Server

This update is included in the following service packs for SQL Server:

Service Pack 1 for SQL Server 2016

Service Pack 3 for SQL Server 2014

Service Pack 4 for SQL Server 2012

After you apply this update, Trace is extended and is available in the Debug channel in the SNI Tracing Event.

Among the other messages, there will be a message that begins with “SNISecurity Handshake.” Then, there will be a "handshake failed" or "handshake succeeded" message that indicates failure or success.

In the case of a failure, the client and the server could not negotiate the handshake successfully because they shared no common protocols. Because no other information is available about the client yet (the handshake occurs before the logon happens), only the client's IP address is available.

If the handshake succeeded, information about the handshake protocol is available: the cipher, its strength, the hash used, the hash strength, and the client's IP address. Because the handshake was just completed, no information about the client is yet available except its IP address.

Note: This process does not apply to Microsoft SQL Server 2014 or Microsoft SQL Server 2012 because the Trace extended event is not implemented for the SNI layer in those versions. For SQL Server 2014 or 2012, you must use Built-In Diagnostics (BID) traces. For more information, see this Docs article.
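As an added example (not Microsoft's code), the following Python script triages message text exported from this trace: it counts failed handshakes per client IP and successful handshakes that negotiated an older protocol. The `Key: value` layout, the field names (`Protocol`, `PeerAddr`, and so on), the protocol strings, and the weak-protocol list are assumptions, and the sample messages are constructed.

```python
import re
from collections import Counter

# Constructed sample messages. The page names the fields that are reported; the
# "Key: value" layout, field names and protocol strings here are assumptions.
SAMPLE = [
    "SNISecurity Handshake Handshake succeeded. Protocol: TLS1.2, Cipher: AES 256, "
    "Cipher Strength: 256, Hash: SHA 384, Hash Strength: 384, PeerAddr: 192.0.2.10",
    "SNISecurity Handshake Handshake succeeded. Protocol: TLS1.0, Cipher: AES 128, "
    "Cipher Strength: 128, Hash: SHA 1, Hash Strength: 160, PeerAddr: 192.0.2.25",
    "SNISecurity Handshake Handshake failed. PeerAddr: 198.51.100.7",
    "Some unrelated trace message",
]

WEAK_PROTOCOLS = {"SSL2.0", "SSL3.0", "TLS1.0", "TLS1.1"}  # assumed local policy
FIELD_RE = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*([^,]+)")

def parse_handshake(message):
    """Return a dict for a handshake message, or None for any other message."""
    if not message.startswith("SNISecurity Handshake"):
        return None
    lowered = message.lower()
    if "handshake succeeded" in lowered:
        outcome = "succeeded"
    elif "handshake failed" in lowered:
        outcome = "failed"
    else:
        return None
    # Fields follow the outcome sentence; a failure carries only the client IP.
    tail = message.partition(". ")[2]
    fields = {k.strip(): v.strip() for k, v in FIELD_RE.findall(tail)}
    return {"outcome": outcome, **fields}

def triage(messages):
    """Count failed handshakes per peer and weak-protocol successes per (peer, protocol)."""
    weak, failed = Counter(), Counter()
    for msg in messages:
        rec = parse_handshake(msg)
        if rec is None:
            continue
        peer = rec.get("PeerAddr", "unknown")
        if rec["outcome"] == "failed":
            failed[peer] += 1
        elif rec.get("Protocol", "").replace(" ", "").upper() in WEAK_PROTOCOLS:
            weak[(peer, rec["Protocol"])] += 1
    return weak, failed

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Adjust the field names and protocol strings to match the message text your server actually emits before relying on the counts.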

References


Learn about the terminology that Microsoft uses to describe software updates.