§mssql-tls
TLS negotiation layer for SQL Server connections.
This crate handles the complexity of TLS negotiation for both TDS 7.x (pre-login encryption negotiation) and TDS 8.0 (strict TLS-first mode).
§TDS Version Differences
§TDS 7.x (SQL Server 2019 and earlier)
TCP Connect → PreLogin (cleartext) → TLS Handshake → Login7 (encrypted)
§TDS 8.0 (SQL Server 2022+ strict mode)
TCP Connect → TLS Handshake → PreLogin (encrypted) → Login7 (encrypted)
§Features
- TLS 1.2 and TLS 1.3 support via rustls
- Server certificate validation
- Hostname verification
- Custom certificate authority support
- Client certificate authentication (TDS 8.0)
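In the TDS 7.x flow above, the PreLogin exchange that negotiates encryption travels in cleartext, so a client has to treat the server's ENCRYPTION answer as unauthenticated input. The following is an added example, not code from mssql-tls: it parses that option using the token and value constants from the MS-TDS specification and applies an assumed client policy (`decide`, `Decision` and `sample_reply` are hypothetical names).

```rust
// Added example, std only; not code from mssql-tls. Wire values follow MS-TDS.
const TOKEN_ENCRYPTION: u8 = 0x01;
const TOKEN_TERMINATOR: u8 = 0xFF;

#[derive(Debug, PartialEq)]
enum Encrypt { Off, On, NotSupported, Required }
#[derive(Debug, PartialEq)]
enum Decision { FullTls, LoginOnlyTls, Refuse(&'static str) }

/// Read the ENCRYPTION option from a PreLogin payload (TDS header already stripped).
fn server_encryption(payload: &[u8]) -> Option<Encrypt> {
    let mut i = 0;
    while *payload.get(i)? != TOKEN_TERMINATOR {
        // Each option entry: token (1), offset (2, BE), length (2, BE).
        let entry = payload.get(i..i + 5)?;
        let off = u16::from_be_bytes([entry[1], entry[2]]) as usize;
        let len = u16::from_be_bytes([entry[3], entry[4]]) as usize;
        if entry[0] == TOKEN_ENCRYPTION {
            return match (len, *payload.get(off)?) {
                (1, 0x00) => Some(Encrypt::Off),
                (1, 0x01) => Some(Encrypt::On),
                (1, 0x02) => Some(Encrypt::NotSupported),
                (1, 0x03) => Some(Encrypt::Required),
                _ => None,
            };
        }
        i += 5;
    }
    None
}

/// Policy assumed for this example: the reply arrives before TLS, so anything
/// weaker than what the caller requires is refused instead of downgraded to.
fn decide(require_encryption: bool, payload: &[u8]) -> Decision {
    match server_encryption(payload) {
        Some(Encrypt::On) | Some(Encrypt::Required) => Decision::FullTls,
        Some(Encrypt::Off) if !require_encryption => Decision::LoginOnlyTls,
        Some(Encrypt::Off) => Decision::Refuse("server offered login-only encryption"),
        Some(Encrypt::NotSupported) => Decision::Refuse("server reports no TLS support"),
        None => Decision::Refuse("missing or malformed ENCRYPTION option"),
    }
}

/// Constructed sample reply: VERSION and ENCRYPTION options, then the terminator.
fn sample_reply(enc: u8) -> Vec<u8> {
    vec![0x00, 0, 11, 0, 6, 0x01, 0, 17, 0, 1, 0xFF, 16, 0, 0x03, 0xE8, 0, 0, enc]
}

fn main() {
    for e in 0u8..4 { println!("{:#04x} -> {:?}", e, decide(true, &sample_reply(e))); }
}
```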
§Security
By default, this crate validates server certificates using the Mozilla root certificate store. The TrustServerCertificate option disables validation and logs a warning; with validation off the connection is still encrypted but the server's identity is not verified, so use it only for development.
```rust
use mssql_tls::{TlsConfig, TlsConnector, TlsVersion, default_tls_config};

// Secure default configuration
let config = default_tls_config()?;

// Or use the builder pattern
let tls_config = TlsConfig::new()
    .strict_mode(true) // TDS 8.0
    .min_protocol_version(TlsVersion::Tls13);
```
Re-exports§
pub use config::ClientAuth;
pub use config::TlsConfig;
pub use config::TlsVersion;
pub use connector::TlsConnector;
pub use connector::default_tls_config;
pub use error::TlsError;
pub use prelogin_wrapper::TlsPreloginWrapper;
Modules§
- config
- TLS configuration options.
- connector
- TLS connector for establishing encrypted connections.
- error
- TLS-related error types.
- prelogin_wrapper
- TDS PreLogin wrapper for TLS handshake.
Structs§
- CertificateDer
- A DER-encoded X.509 certificate; as specified in RFC 5280
- TlsStream
- A wrapper around an underlying raw stream which implements the TLS or SSL protocol.
Enums§
- PrivateKeyDer
- A DER-encoded X.509 private key, in one of several formats
- TlsNegotiationMode
- TDS TLS negotiation mode.