3.3.5.2 TLS/SSL Negotiation State

Applies to only TDS 7.x

If the next packet from the TDS client is not a TLS/SSL negotiation packet or the packet is not structurally correct, the TDS server MUST close the underlying transport connection, indicate an error to the upper layer, and enter the "Final State" state.

A TLS/SSL negotiation packet is a PRELOGIN (0x12) packet header encapsulated with TLS/SSL payload. The TDS server MUST exchange a TLS/SSL negotiation packet with the client and reenter this state until the TLS/SSL negotiation is successfully completed. In this case, the TDS server enters the "Login Ready" state.