I have a validation question regarding implementation of TLS 1.2.
What tools, scripts, processes, etc. can be used to validate that TLS 1.2 is working when clients, webserver, and SQL Servers are communicating with each other?
Do I need to perform network packet sniffing, run traces, use Process Explorer? Is there a verbose option somewhere that can be turned on with logs reviewed?
Note: if it makes a difference, the SQL Servers involved run a variety of versions: 2008R2, 2012, and 2014.
Best Answer
First, see Aaron Bertrand's answer on TLS 1.2 with older SQL Server, and/or Aaron's SentryOne blog post.
If you're talking about the normal SQL Server connection encryption (SQL Server Configuration Manager, Force Encrypt yes), with modern SQL Server, then there are two steps:
WATCH OUT FOR THIRD PARTY SOFTWARE
Lots of it does NOT support TLS of ANY kind, much less TLS 1.2, either in the application, or, much more often, during one or more parts of the installation and/or upgrade process. The vendor will be clueless if you ask beforehand, and just as clueless watching it happen in front of them.