TLS Browser and VFP
Message
From
11/12/2020 16:42:51
 
General information
Forum: Internet
Category: Other
Miscellaneous
Thread ID: 01677516
Message ID: 01677535
>>>>>Hi,
>>>>>
>>>>>Could someone explain to me how TLS relates (technically) to the ODBC driver used when a VFP 9 application connects to the SQL Server? Every page I google for the TLS version and enabling points to having to do it in a Browser.
>>>>>But the VFP connects to the SQL Server via the ODBC driver, not browser. So, what actually goes on "under the hood"?
>>>>>TIA
>>>>
>>>>TLS (Transport Layer Security) is a cryptographic protocol designed to provide communications security over a computer network (not only the Internet)...
>>>>https://en.wikipedia.org/wiki/Transport_Layer_Security
>>>>TLS 1.2 is currently the recommended standard. Support for SQL Server is documented here:
>>>>https://support.microsoft.com/en-us/help/3135244/kb3135244-tls-1-2-support-for-microsoft-sql-server
>>>
>>>Thank you. I will go to the articles. But what if a computer does not have a browser? How do you set the TLS enabled and to a version?
>>
>>TLS is a protocol. Web browsers are probably the most commonly used apps which implement it, but other types of apps may as well.
>>
>>In the case of web browsers, the browser client and the web server back end agree to use TLS to encrypt communications between them. In the case of SQL Server, the ODBC client and the SQL Server instance agree to use TLS to encrypt communications between them, assuming:
>>
>>- Both the ODBC client and SQL Server instance support it
>>- You've opted to enable it while creating the connection between them e.g. encrypt=yes in the connection string
>>
>>The nuts and bolts are outlined at https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine .
>
>I understand what you wrote. But what I would like to know is HOW do you enable TLS if a PC does not have a browser. I know it is a rare case when a PC does not have a browser. But it is possible.
>Also, say a PC has two browsers: IE and Chrome. Which one is preferred to use for setting up the TLS? And why?

TLS is not some global Windows-wide setting. It's an agreed-upon protocol ("language", if you will) by which two processes can securely communicate with each other. If those processes support TLS (i.e. they "speak the language") then they can communicate using it.

In order for a process to be TLS-capable it usually means including an appropriate library. The OpenSSL library is popular for use with web servers. Many programming languages include TLS libraries.

Web browsers are TLS-capable. They're a bit unusual in that some allow the user to individually enable or disable certain protocol types such as SSL 3.0, TLS 1.0/1.1/1.2/1.3. The vast majority of users should leave those settings at their defaults. Note that even if a user enables or disables certain protocols in one browser, that affects only that particular browser, not any other application that may be TLS-capable. If you, say, disable TLS 1.2 in IE, it can still be enabled in Google Chrome.

In your particular case of an ODBC driver talking to SQL Server:

- My understanding is that current versions of both ODBC drivers and SQL Server are TLS-capable
- There are some requirements to get it to work per the link in my previous message e.g. the server must have an authentication certificate which is trusted by the client computer
- If the prerequisites are met, on the client side you can choose to use or not use TLS on a per-connection basis with encrypt=yes in the connection string
- At the SQL Server end you can choose to enable or disable protocols individually. For best security some recommend disabling SSL 3.0, TLS 1.0 and TLS 1.1, and enabling only TLS 1.2. There are some prerequisites for this e.g. https://support.microsoft.com/en-ca/help/3135244/kb3135244-tls-1-2-support-for-microsoft-sql-server
Regards. Al

"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov

Neither a despot, nor a doormat, be

Every app wants to be a database app when it grows up
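The per-connection opt-in discussed in this thread, sketched as an added VFP example that is not part of the original posts: it opens an ODBC connection with `Encrypt=yes` and then asks SQL Server whether the session is actually encrypted. The driver name, the server and database names (`SQLHOST01`, `AppDb`), Windows authentication, and the login having VIEW SERVER STATE permission to read `sys.dm_exec_connections` are all assumptions.

```foxpro
* Added example: request TLS on one ODBC connection and verify the result.
* SQLHOST01 and AppDb are placeholder names (assumptions, not from the thread).
LOCAL lcConn, lnHandle, llEncrypted
LOCAL ARRAY laErr[1]

* Encrypt=yes asks the driver to use TLS for this connection only.
* TrustServerCertificate=no makes the driver validate the server certificate
* against the client's trust store instead of accepting any certificate.
lcConn = "Driver={ODBC Driver 17 for SQL Server};" + ;
         "Server=SQLHOST01;Database=AppDb;" + ;
         "Trusted_Connection=yes;" + ;
         "Encrypt=yes;TrustServerCertificate=no;"

lnHandle = SQLSTRINGCONNECT(lcConn)
IF lnHandle < 1
    * Fails here if, for example, the server certificate is not trusted
    AERROR(laErr)
    ? "Connect failed: " + TRANSFORM(laErr[2])
    RETURN .F.
ENDIF

* Ask the server how it sees this session (@@SPID = current session id).
* encrypt_option is 'TRUE' when the connection is encrypted.
IF SQLEXEC(lnHandle, ;
        "SELECT CAST(encrypt_option AS varchar(5)) AS encrypt_option, " + ;
        "net_transport FROM sys.dm_exec_connections " + ;
        "WHERE session_id = @@SPID", "curConn") < 1
    AERROR(laErr)
    ? "Encryption check failed: " + TRANSFORM(laErr[2])
    SQLDISCONNECT(lnHandle)
    RETURN .F.
ENDIF

SELECT curConn
llEncrypted = (UPPER(ALLTRIM(curConn.encrypt_option)) == "TRUE")
? "Transport: " + ALLTRIM(curConn.net_transport)
? "Encrypted: " + IIF(llEncrypted, "yes", "NO - connection is in clear text")

USE IN curConn
SQLDISCONNECT(lnHandle)
RETURN llEncrypted
```

No browser is involved at any point: the TLS handshake happens between the ODBC driver loaded into the VFP process and the SQL Server instance.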