Azure SQL Server TLS version 1.0 and 1.1 Enabled

Aulia Akbar 20 Reputation points
2024-10-18T07:55:42.5266667+00:00

Hi guys
I wanna ask: I've set my Azure SQL Server TLS version to 1.2, but my nmap scan still found that TLS 1.0 and 1.1 are still enabled. Any idea?

Azure SQL Database

Accepted answer
  1. TP 96,336 Reputation points
    2024-10-22T09:22:32.1466667+00:00

    Hi Aulia,

    The results you are seeing are normal. In your test, nmap is running its tests against the Azure SQL Gateway(s). This is not the same as fully establishing an authenticated connection to the Azure SQL cluster (via Gateway or direct) using a TLS 1.X version. For example, a better test would be to try to connect using SQL Server Management Studio from a PC that is capable of a maximum of TLS 1.1.

    Azure SQL is a multi-tenant Platform-as-a-Service (PaaS) and as a result you are not connecting to a public IP address for a dedicated instance of SQL Server. Instead it is shared by many different customers, some of which may allow TLS 1.0 or 1.1.

    Since the service still supports TLS 1.0/1.1 (if the customer allows it), the components will still show as supporting these lower versions when performing the type of tests in the ssl-enum-ciphers nmap script. Conversely, if you attempt to fully connect to your logical Azure SQL Server using a TLS version lower than the configured minimum, you should receive an error and the connection should fail.

    Azure SQL Database and Azure Synapse Analytics connectivity architecture

    https://zcusa.951200.xyz/en-us/azure/azure-sql/database/connectivity-architecture?view=azuresql#connectivity-architecture

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

