220.127.116.11 TLS/SSL Negotiation State
If the next packet from the TDS client is not a TLS/SSL negotiation packet or the packet is not structurally correct, the TDS server SHOULD close the underlying transport connection, indicate an error to the upper layer, and enter the "Final State" state. A TLS/SSL negotiation packet is a PRELOGIN (0x12) packet header encapsulated with TLS/SSL payload. The TDS server MUST exchange TLS/SSL negotiation packet with the client and reenter this state until the TLS/SSL negotiation is successfully completed. In this case, TDS server enters the "Login Ready" state.