Purpose

Determines whether data is encrypted and decrypted when transmitted over the network between the driver and database server.

Valid values

noEncryption | SSL | Strict | requestSSL | loginSSL

Behavior

If set to noEncryption, data is not encrypted or decrypted.

If set to SSL, data is encrypted using TLS/SSL. If the database server does not support TLS/SSL, the connection fails and the driver throws an exception.

If set to Strict, the driver uses the TDS (Tabular Data Stream) 8.0 protocol to support TLSv1.3 encryption for SQL Server connections. You must specify this value when your server is configured with Force Strict Encryption=yes.
Important: When using strict connection encryption:
  • The driver validates the certificates sent by the server (ValidateServerCertificate=true) for the connection, regardless of the setting of the ValidateServerCertificate property.
  • You must specify a truststore containing the server certificate against which the server will be validated at connection.

If set to requestSSL, the login request and data is encrypted using TLS/SSL. If the database server does not support TLS/SSL, the driver establishes an unencrypted connection.

If set to loginSSL, the login request is encrypted using TLS/SSL. Data is encrypted using TLS/SSL If the database server is configured to require TLS/SSL. If the database server does not require TLS/SSL, data is not encrypted and only the login request is encrypted.

Notes

  • For all the values, the TLS/SSL protocol used is determined by the setting of the CryptoProtocolVersion connection property.

  • When establishing a connection to Microsoft Azure Synapse Analytics, Microsoft Analytics Platform System, or Microsoft Windows Azure SQL Database, the driver will enable TLS/SSL data encryption by default (EncryptionMethod=SSL).

  • Connection hangs can occur when the driver is configured for TLS/SSL and the database server does not support TLS/SSL. You may want to set a login timeout using the LoginTimeout property to avoid problems when connecting to a server that does not support TLS/SSL.
  • If TLS/SSL is enabled, the driver communicates with database protocol packets that are set by the server’s default packet size. Any value set by the PacketSize property is ignored.
  • If TLS/SSL is enabled, the following properties also apply:

    CryptoProtocolVersion

    HostNameInCertificate

    TrustStore

    TrustStorePassword

    ValidateServerCertificate

Data source method

public String getEncryptionMethod()

public void setEncryptionMethod(String)

Default

noEncryption

Data type

String

See also