1.7 Versioning and Capability Negotiation

This document covers versioning issues in the following areas.

  • Supported Transports: This protocol can be implemented on top of any network transport protocol as discussed in section 2.1.

  • Protocol Versions: The TDS protocol supports the TDS 7.0, TDS 7.1, TDS 7.2, TDS 7.3, and TDS 7.4 explicit dialects. The dialect version is negotiated as part of the LOGIN7 message data stream, which is defined in section

    Note After a protocol feature is introduced, subsequent versions of the TDS protocol support that feature until that feature is removed.

  • Security and Authentication Methods: The TDS protocol supports SQL Server User Authentication (SQLAUTH). The TDS protocol also supports SSPI authentication and indirectly supports any authentication mechanism that SSPI supports. The use of SSPI in TDS is defined in sections and The TDS protocol also supports federated authentication.<3> The use of federated authentication in TDS is defined in sections and 3.2.5.

  • Localization: Localization-dependent protocol behavior is specified in sections and

  • Capability Negotiation: This protocol does explicit capability negotiation as specified in this section.

In general, the TDS protocol does not provide facilities for capability negotiation because the complete set of supported features is fixed for each version of the protocol. Certain features such as authentication type are not usually negotiated but rather are requested by the client. However, the protocol supports negotiation for the following two features:

  • Channel encryption: The encryption behavior that is used for the TDS session is negotiated in the initial messages exchanged by the client and the server.

  • Authentication mechanism for integrated authentication identities: The authentication mechanism that is used for the TDS session is negotiated in the initial messages exchanged by the client and the server.

For more details about encryption behavior and about how the client and server negotiate between SSPI authentication and federated authentication, see the PRELOGIN description in section

Note that the cipher suite for TLS/SSL and the authentication mechanism for SSPI and federated authentication are negotiated outside the influence of TDS in [RFC2246] and [RFC6101].