{"id":2232,"date":"2018-09-13T15:06:35","date_gmt":"2018-09-13T15:06:35","guid":{"rendered":"https:\/\/nenadnoveljic.com\/blog\/?p=2232"},"modified":"2018-09-13T15:06:35","modified_gmt":"2018-09-13T15:06:35","slug":"cipher-suite-tds-encryption","status":"publish","type":"post","link":"https:\/\/nenadnoveljic.com\/blog\/cipher-suite-tds-encryption\/","title":{"rendered":"Which Cipher Suite is being used for TDS Encryption?"},"content":{"rendered":"<p>Unfortunately, SQL Server doesn&#8217;t expose which cipher suite is used for Tabular Data Stream (TDS) encryption. But we can get this information by tracing the TCP connection with <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=44226\">Microsoft (MS) Message Analyzer<\/a>. MS Message Analyzer is a network tracing tool which can also reliably interpret higher-level protocols.<\/p>\n<p>Mind that the tool doesn&#8217;t recognize the protocol as TDS if the SQL Server instance is running on a non-default port. In that case, you need to assign the instance port number to the protocol. 
This is done through the menu option &#8220;Tools -> Options -> Parsing -> TDS -> Ports&#8221;<\/p>\n<p>Also, it makes sense to filter the traffic based on the instance port number and the client address, like &#8220;*Port==xxxx and *Address==x.x.x.x&#8221;.<\/p>\n<p>The cipher suite is negotiated during the handshake.<\/p>\n<p>First, the client sends a ClientHello message containing all of the client-supported cipher suites:<\/p>\n<pre><code>Name\tValue\tBit Offset\tBit Length\tType\t\r\nbody\tClientHello{client_version=TLS \r\n...\r\ncipher_suites_length_in_bytes\t56\t608\t16\tUInt16\t\r\ncipher_suites\t[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5]\t624\t448\tArrayValue`1\t\r\n[0]\tTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(49192)\t\t\tUInt16\t\r\n[1]\tTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(49191)\t\t\tUInt16\t\r\n[2]\tTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(49172)\t\t\tUInt16\t\r\n[3]\tTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(49171)\t\t\tUInt16\t\r\n[4]\tTLS_DHE_RSA_WITH_AES_256_GCM_SHA384(159)\t\t\tUInt16\t\r\n[5]\tTLS_DHE_RSA_WITH_AES_128_GCM_SHA256(158)\t\t\tUInt16\t\r\n[6]\tTLS_DHE
_RSA_WITH_AES_256_CBC_SHA(57)\t\t\tUInt16\t\r\n[7]\tTLS_DHE_RSA_WITH_AES_128_CBC_SHA(51)\t\t\tUInt16\t\r\n[8]\tTLS_RSA_WITH_AES_256_GCM_SHA384(157)\t\t\tUInt16\t\r\n[9]\tTLS_RSA_WITH_AES_128_GCM_SHA256(156)\t\t\tUInt16\t\r\n[10]\tTLS_RSA_WITH_AES_256_CBC_SHA256(61)\t\t\tUInt16\t\r\n[11]\tTLS_RSA_WITH_AES_128_CBC_SHA256(60)\t\t\tUInt16\t\r\n[12]\tTLS_RSA_WITH_AES_256_CBC_SHA(53)\t\t\tUInt16\t\r\n[13]\tTLS_RSA_WITH_AES_128_CBC_SHA(47)\t\t\tUInt16\t\r\n[14]\tTLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(49196)\t\t\tUInt16\t\r\n[15]\tTLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(49195)\t\t\tUInt16\t\r\n[16]\tTLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(49188)\t\t\tUInt16\t\r\n[17]\tTLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(49187)\t\t\tUInt16\t\r\n[18]\tTLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(49162)\t\t\tUInt16\t\r\n[19]\tTLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(49161)\t\t\tUInt16\t\r\n[20]\tTLS_DHE_DSS_WITH_AES_256_CBC_SHA256(106)\t\t\tUInt16\t\r\n[21]\tTLS_DHE_DSS_WITH_AES_128_CBC_SHA256(64)\t\t\tUInt16\t\r\n[22]\tTLS_DHE_DSS_WITH_AES_256_CBC_SHA(56)\t\t\tUInt16\t\r\n[23]\tTLS_DHE_DSS_WITH_AES_128_CBC_SHA(50)\t\t\tUInt16\t\r\n[24]\tTLS_RSA_WITH_3DES_EDE_CBC_SHA(10)\t\t\tUInt16\t\r\n[25]\tTLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA(19)\t\t\tUInt16\t\r\n[26]\tTLS_RSA_WITH_RC4_128_SHA(5)\t\t\tUInt16\t\r\n[27]\tTLS_RSA_WITH_RC4_128_MD5(4)\t\t\tUInt16\t<\/code><\/pre>\n<p>Next, the server answers with a ServerHello message containing the chosen cipher suite:<\/p>\n<pre><code>Name\tValue\tBit Offset\tBit Length\tType\t\r\nbody\tServerHello{server_version=TLS \r\n...\r\n <span style=\"color:red\">cipher_suite\tTLS_DHE_RSA_WITH_AES_256_GCM_SHA384(159)<\/span>\t608\t16\tIANA.CipherSuite<\/code><\/pre>\n<p>Finally, the client sends a ChangeCipherSpec message to signal that encryption is being activated:<\/p>\n<pre><code>Name\tValue\tBit Offset\tBit Length\tType\t\r\nrecords\t[ChangeCipherSpec,Handshake(Encrypted)]\t0\t408\tArrayValue`1 <\/code><\/pre>\n<p>Reference:<\/p>\n<li><a 
href=\"http:\/\/blog.fourthbit.com\/2014\/12\/23\/traffic-analysis-of-an-ssl-slash-tls-session\">Traffic Analysis of an SSL\/TLS Session<\/a>, Alvaro Castro-Castilla<\/li>\n","protected":false},"excerpt":{"rendered":"<p>Tracing TCP to find out the cipher suite which is being used for TDS encryption <a href=\"https:\/\/nenadnoveljic.com\/blog\/cipher-suite-tds-encryption\/\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[26,17],"tags":[],"class_list":["post-2232","post","type-post","status-publish","format-standard","hentry","category-encryption","category-sql-server"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Which Cipher Suite is being used for TDS Encryption? - All-round Database Topics<\/title>\n<meta name=\"description\" content=\"Tracing TCP to find out the cipher suite which is being used for TDS encryption\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nenadnoveljic.com\/blog\/cipher-suite-tds-encryption\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Which Cipher Suite is being used for TDS Encryption? 
- All-round Database Topics\" \/>\n<meta property=\"og:description\" content=\"Tracing TCP to find out the cipher suite which is being used for TDS encryption\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nenadnoveljic.com\/blog\/cipher-suite-tds-encryption\/\" \/>\n<meta property=\"og:site_name\" content=\"All-round Database Topics\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-13T15:06:35+00:00\" \/>\n<meta name=\"author\" content=\"Nenad Noveljic\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@NenadNoveljic\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nenad Noveljic\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/\"},\"author\":{\"name\":\"Nenad Noveljic\",\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/#\\\/schema\\\/person\\\/51458d9dd86dbbdd19f5add451d44efa\"},\"headline\":\"Which Cipher Suite is being used for TDS Encryption?\",\"datePublished\":\"2018-09-13T15:06:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/\"},\"wordCount\":196,\"commentCount\":0,\"articleSection\":[\"encryption\",\"SQL 
Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/\",\"url\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/\",\"name\":\"Which Cipher Suite is being used for TDS Encryption? - All-round Database Topics\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/#website\"},\"datePublished\":\"2018-09-13T15:06:35+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/#\\\/schema\\\/person\\\/51458d9dd86dbbdd19f5add451d44efa\"},\"description\":\"Tracing TCP to find out the cipher suite which is being used for TDS encryption\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/cipher-suite-tds-encryption\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Which Cipher Suite is being used for TDS Encryption?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/\",\"name\":\"All-round Database Topics\",\"description\":\"Nenad 
Noveljic\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/#\\\/schema\\\/person\\\/51458d9dd86dbbdd19f5add451d44efa\",\"name\":\"Nenad Noveljic\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a97b796613ea48ec8a7b79c8ffe1c685dcffc920c68121f6238d5caab5070670?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a97b796613ea48ec8a7b79c8ffe1c685dcffc920c68121f6238d5caab5070670?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a97b796613ea48ec8a7b79c8ffe1c685dcffc920c68121f6238d5caab5070670?s=96&d=mm&r=g\",\"caption\":\"Nenad Noveljic\"},\"sameAs\":[\"nenad-noveljic-9b746a6\",\"https:\\\/\\\/x.com\\\/NenadNoveljic\"],\"url\":\"https:\\\/\\\/nenadnoveljic.com\\\/blog\\\/author\\\/nenad\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/posts\/2232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/comments?post=2232"}],"version-history":[{"count":1,"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/posts\/2232\/revisions"}],"predecessor-version":[{"id":2235,"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/posts\/2232\/revisions\/2235"}],"wp:attachment":[{"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/media?parent=2232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/categories?post=2232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nenadnoveljic.com\/blog\/wp-json\/wp\/v2\/tags?post=2232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}