If your Microsoft SQL Server database server has been configured with an TLS/SSL certificate signed by a trusted CA, the server can be configured so that TLS/SSL encryption is either optional or required. When required, connections from clients that do support TLS/SSL encryption fail.

Although a signed trusted TLS/SSL certificate is recommended for the best degree of security, Microsoft SQL Server can provide limited security protection even if a TLS/SSL certificate has not been configured on the server. If a trusted certificate is not installed, the server will use a self-signed certificate to encrypt the login request, but not the data.

The following table shows how the different EncryptionMethod property values behave with different Microsoft SQL Server configurations.

Table 1. EncryptionMethod property values and Microsoft SQL Server configurations
Value No TLS/SSL Certificate TLS/SSL Certificate
TLS/SSL Optional TLS/SSL Required
noEncryption Login request and data are not encrypted. Login request and data are not encrypted. Connection attempt fails.
SSL Connection attempt fails. Login request and data are encrypted. Login request and data are encrypted.
Strict Connection attempt fails. Login request and data are encrypted. Login request and data are encrypted.
requestSSL Login request and data are not encrypted. Login request and data are encrypted. Login request and data are encrypted.
loginSSL Login request is encrypted, but data is not encrypted Login request is encrypted, but data is not encrypted. Login request and data are encrypted.