Specifies whether the provider negotiates TLS/SSL encryption with the Azure Synapse endpoint and, if so, how strictly it enforces certificate validation.

Possible Values

Data Type

string

Default Value

"False"

Remarks

When this property is set to True, the driver requests an encrypted channel and validates the server’s certificate against the operating-system trust store. If the server presents a certificate that is not signed by a public certificate authority, you can supply its thumbprint by setting SSLServerCert.

When this property is set to Strict, the driver both requires encryption and enforces stronger checks: it rejects self-signed or weak certificates and prevents protocol downgrades. This mode aligns with Microsoft’s guidance for "strict encryption," making SQL Server traffic easier to secure and inspect with modern network appliances.

When this property is set to False, the driver skips TLS negotiation and sends traffic in clear text which is useful only for isolated networks or troubleshooting.

This property is helpful when you must balance security requirements against compatibility. True or Strict satisfy enterprise encryption policies, while False can diagnose handshake issues before you re-enable encryption.