How to (completely) turn off protocol encryption in SQL Server? (the checkbox in server network utility is unchecked)

ron.bennatan_at_gmail.com
Date: 03/25/05

  • Next message: Ron: "How to force usage on NTLM" 
    Date: 24 Mar 2005 15:02:16 -0800

    Hi,

    I am trying to revert back to a completely unencrypting state in SQL
    Server - and am not succeeding. Aparently, there are some "left overs"
    that I am not able to get rid of. Of course I unchecked the Force
    Protocol Encryption option in the Server network utility and I even
    went a step further in that I added the Certificate key to the registry
    under SuperSocketNetLib and even deleted all the certificates from the
    local machine.

    Here are the details of what I did and what I can't get rid of:

    - I am running SQL Server 2000 SP 3 build 760
    - The machine I am running SQL Server on is also running a CA server
    - A while back I enabled protocol encryption and installed a server
    authentication certificate by the DNS name of the box; all worked fine
    - I then disabled protocol encryption
    - I added an entry to the registry as:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\SuperSocketNetLib]
    "Certificate"="0"

    - I also tried it as dword
    - I deleted the certificate using mmc
    - I restarted SQL Server

    My problem is that _some_ of the protocol is still being encrypted.
    Specifically, while most of the connection is not being encrypted, the
    initial handshake between the client and the server is still encrypted.

    How do I revert back to the original state where nothing is being
    encrypted or modified?

    Thanks very much for any help,
    -Ron

  • Next message: Ron: "How to force usage on NTLM"

    Relevant Pages

    • RE: Help Newbie..Upload file from SQL Server
      ... Enable SSL Encryption for SQL Server 2000 with Microsoft Management ... Steps to Use to Install a Certificate on a Server with Microsoft Management ... Steps to Enable Encryption for a Specific Client ...
      (microsoft.public.sqlserver.programming)
    • Re: SSIS as part of scheduled job fails
      ... might not have Encryption support, but it shouldn't be trying to use SQL ... Microsoft SQL Server Management Studio ...
      (microsoft.public.sqlserver.dts)
    • Re: ssl renewal questions
      ... Just on the server which I guess explains the clients being able to ... the certificate is invalid ... >> but connections continue to be encrypted and restarts of sql ... >>> appears that I had to stop and restart the sql process to get certs ...
      (microsoft.public.sqlserver.security)
    • Encrypting off-site with certificates public key
      ... I thought it would be wise to use a certificate encryption scheme to allow ... Then the data is written into a varbinarycolumn on the central server ... For some reason the public key is generating a different algorithm on .NET ...
      (microsoft.public.sqlserver.security)
    • Re: Policy settings tool and username tokens (not x509)
      ... the wse setup tool is telling me "I'm making you give me an x509 server cert ... to do any encryption, something isn't right. ... > Having both client and server tokens allows the default WSE client to ... > require that the CN name in the certificate match the name of the ...
      (microsoft.public.dotnet.framework.webservices.enhancements)