> For the complete documentation index, see [llms.txt](https://www.netexec.wiki/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.netexec.wiki/mssql-protocol/enumeration/enumerating-encryption-settings.md).

# Enumerating encryption settings

By default MSSQL databases do not enforce TLS ciphering which makes eavesdroping possible. There are two configurations values that can be set:

* Force encryption: that will force establishing a TLS tunnel via the STARTTLS mechanism ;
* Force strict encryption: which will force a standard TLS tunnel without having to use the STARTTLS mechanism.

NetExec will tell you whether one of these two options is enabled via the EncryptionReq flag on the host enumeration:

```bash
nxc mssql 192.168.56.0/24
MSSQL       192.168.56.72   1433   SRV22            [*] Windows Server 2022 Build 20348 (name:SRV22) (domain:whiteflag.local) (EncryptionReq:True)
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.netexec.wiki/mssql-protocol/enumeration/enumerating-encryption-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.