Turn Off "Security Warning "The negotiated TLS 1.0..." if Encrypt=false passed in Connection String #1434

Closed
zkost opened this issue Dec 14, 2021 · 2 comments · Fixed by #1457

zkost commented Dec 14, 2021

Is your feature request related to a problem? Please describe.

In a development or internal network setting where "Encrypt=false" is in the connection string, a warning is sent to the console that is interfering with other console output produced by our apps. Also, this is an unnecessary performance hit to our apps, as this message is written to the console every time a new DbContext session/connection is established.

The specific warning is: "Security Warning: The negotiated TLS 1.0 is an insecure protocol and is supported for backward compatibility only. The recommended protocol version is TLS 1.2 and later."

Describe the solution you'd like

Solution 1: automatically disable this warning message if "Encrypt=false"
Solution 2: Add another switch in the connection string that turns this warning off when combined with "Encrypt=false"

Describe alternatives you've considered

Additional context

zkost changed the title on Dec 14, 2021, from: Turn Off "Security Warning Security The negotiated TLS 1.0..." if Encrypt=false passed in Connection String; to: Turn Off "Security Warning "The negotiated TLS 1.0..." if Encrypt=false passed in Connection String

DavoudEshtehari (Contributor) commented

Using "Encrypt=false" means that after login the data transmission happens without encryption. But the login process still could use encryption. I'll add it to the triage board for more discussion.

zkost (Author) commented Dec 15, 2021

Thanks Davoud. No contest to your response, and thank you for adding it to the triage board.

Additional note: I understand the goal of ensuring a conscious security state by the developer in using Microsoft.Data.SqlClient, but if one consciously disables the use of encryption ("Encrypt=false") in scenarios of development or internal network isolation from the outside world, as in a sandbox, then is having TdsParserHelperClasses.GetProtocolWarning() drop a warning message on every login in TdsParser.cs#L955, well, is it necessary? To your point, this error is related to "encrypt login" #L900 of the same source file. Is there a way to set EncryptionOptions.NOT_SUP via the connection string?

This message is a real issue in our world. Hoping for your direction or a workaround to disable the message for use in our sandboxes while still keeping current with the current and future updates of this API.

Thank you
Ben
