If your Microsoft SQL Server database server has been configured with an SSL certificate signed by a trusted CA, the server can be configured so that SSL encryption is either optional or required. When required, connections from clients that do support SSL encryption fail.

Although a signed trusted SSL certificate is recommended for the best degree of security, Microsoft SQL Server 2005 and higher can provide limited security protection even if an SSL certificate has not been configured on the server. If a trusted certificate is not installed, the server will use a self-signed certificate to encrypt the login request, but not the data.

The following table shows how the different EncryptionMethod property values behave with different Microsoft SQL Server configurations.

Table 1. EncryptionMethod Property and Microsoft SQL Server Configurations
Value No SSL Certificate SSL Certificate
SSL Optional SSL Required
noEncryption Login request and data are not encrypted. Login request and data are not encrypted. Connection attempt fails.
SSL Connection attempt fails. Login request and data are encrypted. Login request and data are encrypted.
requestSSL Login request and data are not encrypted. Login request and data are encrypted. Login request and data are encrypted.
loginSSL Microsoft SQL Server 2005 and higher: Login request is encrypted, but data is not encrypted

Microsoft SQL Server 2000: Connection attempt fails.

 Login request is encrypted, but data is not encrypted. Login request and data are encrypted.