How to avoid Men in Middle attack when you try establishing a new connection to SQL Azure via SSMS


Fact: All connections with SQL Azure are SSL encrypted. No exception.

Then what am I talking about? Why do I need to worry about Men in Middle attack now?

Turns out there’s a way, Men in Middle attack can happen – Not on your established connection But when the client first tries to establish a new connection. And in this blog post, we are going to see how to avoid Men in Middle attack when you first try establishing a new connection via SSMS.

BTW: I have not researched on how to do it from developers perspective, but if any developer is reading this and has figured it out – it would be great if you can share it with us via any communication means of your choice. (Thanks a lot – if you do so).

[Update: See Bottom of the post]

Any-who. Back to SSMS.

All you got to do to avoid this improbable situation to happen is just check the “Encrypt connection”in the connection property when you try establishing a *new* connection to SQL Azure.

That’s it.

if the client requests encryption from the beginning then our connection is not susceptible to Men in Middle attach while the client is negotiating with the server for encryption.

Categorize under “Best practice” if  you wish to.


Update: Developers, When you connect to SQL Azure using ADO.Net – please do not forget to set 1. Encrypt = TRUE and 2. TrustServerCertificate = False  to avoid man in middle attack.


And Thanks to Herve Roggero for his response on my (poorly framed) question on StackOverflow. I am glad, he understood what I meant!  Thanks sir :)