SQL network encryption - c++

I have set up SQL network encryption using the server manager using below steps:
Select certificate
Set force encryption to true
Restart server
From my C++ client application, I am able to establish association and also using Wireshark was able to verify that it is encrypted. I used SQL Server driver.
One surprise was that I didn’t have the certificate installed in my client.
Now I use ODBC driver and as expected it throws up validation error for certificate chain.
Why does SQL server driver not throw certificate chain error? How does it establish encrypted association even when client does not have certificate?
Additionally, just noticed that for SQL Driver, network encryption happens based on the Force encryption flag set at server side. While for ODBC driver it seems to be based on what is set in connection string. Can someone correct me?

Related

Use SignalR-Client-Cpp with client certificate from windows cert store

I am trying to communicate via SignalR with a server which requires client authentication with a certificate. Hence, i receive the following error when trying to start the connection:
"connection could not be started due to: WinHttpSendRequest: 12044: A certificate is required to complete client authentication".
My program is in cpp, so i use the SignalR-Client-Cpp which is integrate to my project via vcpkg.
My implementation is similar to the example in readme.md, you can use it as a base for a sample code.
My client-certificate is stored in Windows certificate store. How can I establish the connection with this certificate?

Grpc c++ client to connect in secure mode using server side tls

I have grpc server in Java and client in C++, I want to connect grpc client to server in tls mode without using certificates on client side. I am using the default methods and trying to connect but getting grpc code as 12.
creds = grpc::SslCredentials(grpc::SslCredentialsOptions());
Note:- No issue with proto files as it works fine in insecure mode
Which cert is your server using? If it's self-signed or not signed by a standard CA (whose root cert should be present in the standard trust store) then you need to make sure you are using a custom root cert on the client

Trying to connect to Sybase and Azure SQL server using python with TLS enabled connections

I am tyring to connect from AWS to Sybase database and Azure SQL server using python (pymssql) and have the TLS enabled on the connections. This does not seem work even after trying (How to configure pymssql with SSL support on Ubuntu?).
Details: The encryption is turned on in freetds/pymssql. tsql -C, shows that OpenSSL is enabled. But when I check the SQL server side if the connection is encrypted, using this, SELECT *,encrypt_option FROM sys.dm_exec_connections, I see that the encrypt_option='False'
So, I am trying to see if pyodbc is the route that needs to be picked. Trying to see what are the odbc driver options for pyodbc to connect to Sybase with TLS enabled?
In order to connect to Azure SQL, I used pyodbc and ODBC Driver 17 for SQL Server.
In the pyodbc connect, I provided - Encrypt=YES;trustServerCertificate=Yes' in order to encrypt the connection and verified on the SQL server side, that the connection is encyrpted.
In order to connect to Sybase, I used pyodbc and FreeTDS driver with Encrypt=Yes option.

Make OpenSSL server only accept connections from clients that already have the server's public certificate

I'm still learning to program in C++ using OpenSSL, and trying to build and application where the client initiates the connections to the server. I have
Generated a certificate/key pair using OpenSSL (as .pem)
Called the SSL_use_certificate_file/PrivateKey_file in the server's initialization
Store the server's certificate with the clien and verify the certificate on client side when trying to connect to server
I noticed that even when I passed an incorrect certificate to the client and (correctly) failed 3., the connection still goes through, and the client and server continue doing whatever they were originally supposed to do.
What I would like to ask is,
Is there something wrong with how I'm using the certificate?
How can I make it such that the connection will fail if the client does not have the server's certificate?
You seem to have a design flaw.
The point of a server certificate is to protect the client. If you control the client, you should use the (detected) failure to abort the connection from the client side.
If you don't control the client, but need to trust it, you need to use client certificates. These are much less common, but definitely allowed in the SSL/TLS protocol underlying HTTPS. The effect of a client certificate is reversed: when the server detects a failure with a client certificate, the server can disconnect.

ColdFusion 10 Administrator - Secure DNS

We have a webserver connected to an old database. The old database server is end of life. When we set that up we did not need a secure connection. Now we have a new database on a new database server. Our IT department is requiring this to be a secure connection (even though it's an intranet).
Using ColdFusion Administrator I tried simply editing the URL of the server, but I get this error:
Connection verification failed for data source: xxxxxxxx
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer
JDBC Driver]The SQL Server login requires an SSL connection. The root
cause was that: java.sql.SQLNonTransientConnectionException:
[Macromedia][SQLServer JDBC Driver]The SQL Server login requires an
SSL connection.
That's when I heard from my IT people that it needs to be a secure connection.
I have no idea how to do that, and Google didn't offer me any help, probably because I don't know what to search for.
Could one of you wonderful people please offer a suggestion on how to create a secure connection from ColdFusion Administrator 10 to MS SQL 2008?
Thank you