| title | Using encryption | Microsoft Docs |
|---|---|
| ms.custom | |
| ms.date | 09/12/2019 |
| ms.prod | sql |
| ms.prod_service | connectivity |
| ms.reviewer | vanto |
| ms.technology | connectivity |
| ms.topic | conceptual |
| ms.assetid | 8e566243-2f93-4b21-8065-3c8336649309 |
| author | David-Engel |
| ms.author | v-daenge |
[!INCLUDEDriver_JDBC_Download]
Transport Layer Security (TLS) encryption enables transmitting encrypted data across the network between an instance of [!INCLUDEssNoVersion] and a client application.
Transport Layer Security (TLS) is a protocol for establishing a secure communication channel to prevent the interception of critical or sensitive information across the network and other Internet communications. TLS allows the client and the server to authenticate the identity of each other. After the participants are authenticated, TLS provides encrypted connections between them for secure message transmission.
The [!INCLUDEjdbcNoVersion] provides an infrastructure to enable and disable the encryption on a particular connection based on the user specified connection properties and the server and client settings. The user can specify the certificate store location and password, a host name to be used to validate the certificate, and when to encrypt the communication channel.
Enabling TLS encryption increases the security of data transmitted across networks between instances of [!INCLUDEssNoVersion] and applications. However, enabling encryption does slow performance.
The topics in this section describe how the [!INCLUDEjdbcNoVersion] version supports TLS encryption, including new connection properties, and how you can configure the trust store at the client-side.
Note
The hostNameInCertificate connection property is recommended to validate an TLS certificate.
| Topic | Description |
|---|---|
| Understanding encryption support | Describes how the [!INCLUDEjdbcNoVersion] supports TLS encryption. |
| Connecting with encryption | Describes how to connect to a [!INCLUDEssNoVersion] database by using the new TLS specific connection properties. |
| Configuring the client for encryption | Describes how to configure the default trust store at the client-side and how to import a private certificate to the client computer's trust store. |