Microsoft® SQL Server™ 2000 can use the Secure Sockets Layer (SSL) to encrypt all data transmitted between an application computer and a SQL Server instance on a database computer. The SSL encryption is performed within the Super Socket Net-Library (Dbnetlib.dll and Ssnetlib.dll) and applies to all inter-computer protocols supported by SQL Server 2000. When SSL encryption is active, the Super Socket Net-Library performs the SSL encryption before calling:
SSL encryption works only with instances of SQL Server 2000 running on a computer that has been assigned a certificate from a public certification authority. The computer on which the application is running must also have a root CA certificate from the same authority.
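The certificate requirement above can be reproduced offline with the OpenSSL command-line tool. This is an added example, not part of the original documentation: the two root CAs and the host name are constructed, and OpenSSL stands in for the Windows certificate store that SQL Server 2000 uses.

```sh
#!/bin/sh
# Added example: every CA, key and host name here is constructed test material.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a throwaway self-signed root CA (stand-in for a public CA).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_server_cert CA HOST: issue the database computer's certificate from CA.
issue_server_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.pem" 2>/dev/null
}

# client_trusts ROOT HOST: succeeds only when HOST's certificate chains to
# the single root certificate the application computer holds.
client_trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca demo-root-a
make_ca demo-root-b
issue_server_cert demo-root-a sqlhost.example.test

# The same server certificate, checked by two clients with different roots.
for root in demo-root-a demo-root-b; do
  if client_trusts "$root" sqlhost.example.test; then
    echo "client holding $root: server certificate verifies"
  else
    echo "client holding $root: verification fails (different authority)"
  fi
done
```

Only the client holding the root of the authority that issued the server certificate can verify it.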
The Net-Library encryption is implemented using the Secure Sockets Layer API. The level of encryption, 40-bit or 128-bit, depends on the version of the Microsoft Windows® operating system that is running on the application and database computers.
Enabling encryption slows the performance of the Net-Libraries. Encryption forces these actions in addition to all of the work for an unencrypted connection:
Shared memory Net-Library communications are inherently secure without the need for encryption. The shared memory Net-Library never participates in inter-computer communications. The area of memory shared between the application process and the database engine process cannot be accessed from any other Windows process.
For compatibility with earlier versions of SQL Server, the Multiprotocol Net-Library continues to support its own encryption. This encryption is specified independently of the SSL encryption and is implemented by calling the Windows RPC encryption API. It does not require the use of certificates. The level of RPC encryption, 40-bit or 128-bit, depends on the version of the Windows operating system that is running on the application and database computers. The Multiprotocol Net-Library is not supported by named instances.