
Enforce TLS Connections


The network protocol between a Microsoft SQL Server instance and its clients is not secure unless a properly configured X.509 certificate is installed and the server is configured to allow only TLS connections from clients.


The original authentication method was based on outdated, flawed cryptography. An attacker who can intercept traffic between a client and the server can obtain the password used. To prevent this, a correctly configured TLS session must be used.
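
A correctly configured session also depends on the client: it has to request encryption and validate the server certificate. The following is an added example, not part of this rule or of the product's code. It audits ADO.NET-style connection strings for the Encrypt and TrustServerCertificate keywords; the function names and sample strings are constructed for illustration.

```javascript
// Added example (not part of the rule): audit SQL Server connection strings
// for client-side TLS settings. Names and sample strings are constructed.
const ENCRYPT_ON = new Set(['true', 'yes', 'mandatory', 'strict']);
const TRUST_ON = new Set(['true', 'yes']);
// key=value pairs; a quoted value may contain ';' or '=' (for example a password).
const PAIR = /([^=;]+)=("[^"]*"|'[^']*'|[^;]*)/g;

// Parse into a Map. Keywords are case-insensitive and may contain spaces.
// Simplification: doubled quotes inside a quoted value are not handled.
function parseConnectionString(connStr) {
    const settings = new Map();
    for (const [, rawKey, rawValue] of connStr.matchAll(PAIR)) {
        const key = rawKey.replace(/\s+/g, '').toLowerCase();
        const value = rawValue.trim().replace(/^(['"])(.*)\1$/, '$2');
        settings.set(key, value); // a repeated keyword overrides the earlier one
    }
    return settings;
}

// Return a list of findings; an empty list means the client both requests
// TLS and keeps server certificate validation switched on.
function auditConnectionString(connStr) {
    const settings = parseConnectionString(connStr);
    const findings = [];
    if (!settings.has('encrypt')) {
        findings.push('Encrypt not set: behaviour depends on the driver default');
    } else if (!ENCRYPT_ON.has(settings.get('encrypt').toLowerCase())) {
        findings.push('Encrypt disabled: client does not request TLS');
    }
    const trust = (settings.get('trustservercertificate') || '').toLowerCase();
    if (TRUST_ON.has(trust)) {
        findings.push('TrustServerCertificate enabled: client is told to skip certificate validation');
    }
    return findings;
}

// Constructed sample input.
const SAMPLES = [
    'Server=db.example.internal,1433;Database=app;Encrypt=True;TrustServerCertificate=False',
    'Server=db.example.internal;Database=app;Password="p;Encrypt=true";Trust Server Certificate=yes',
    'Server=db.example.internal;Database=app;Encrypt=false',
];
for (const sample of SAMPLES) {
    console.log(auditConnectionString(sample));
}
```
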

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      sqlserver

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'force encryption enabled' is set to 1
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'forceencryption', "1")

    return {