Force Encryption

This has come up a couple of times, so I thought I’d clip these instructions from pp. 6-7 of the Tessitura PA-DSS Implementation Guide. They cover turning on the Force Encryption setting in SQL Server so that all traffic to and from the SQL Server always goes over SSL.

Turn on Force Encryption on the SQL Server

In order to ensure that no passwords, card numbers, or other sensitive data are transmitted across the network in clear text, turn the Force Encryption property on in the SQL Server Configuration Manager Utility.

To do this, right-click under Protocols for <Servername> and choose Properties. From the dropdown next to Force Encryption, choose Yes, and then restart the SQL Server instance.

SSL version 3.0 encryption must be used. To ensure that SSL 2.0 is disabled on the database server, follow the instructions in the Microsoft Knowledgebase article http://support.microsoft.com/kb/187498.

 

Rob™
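
An added example, not part of the guide or of the original post: a PowerShell check, run after the restart, that the Force Encryption flag is set, that SSL 2.0 is disabled for the server role, and that live connections report as encrypted. It assumes an elevated Windows PowerShell 5.1 session on the database server, a login with VIEW SERVER STATE, and a default instance reachable as `localhost`.

```powershell
# Added verification sketch; not taken from the Tessitura guide.
# Assumptions: elevated session on the database server, Windows PowerShell 5.1,
# and a Windows login that holds VIEW SERVER STATE on the instance queried.
$sqlRoot = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$ssl2Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'
$server  = 'localhost'   # assumption: default instance; use 'HOST\INSTANCE' for a named one

# 1. Force Encryption flag for every installed instance
#    (the value SQL Server Configuration Manager writes).
$names = Get-ItemProperty -Path "$sqlRoot\Instance Names\SQL"
$names.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
    $net = Get-ItemProperty -Path "$sqlRoot\$($_.Value)\MSSQLServer\SuperSocketNetLib"
    [pscustomobject]@{
        Instance        = $_.Name
        ForceEncryption = ($net.ForceEncryption -eq 1)
        # Empty thumbprint: SQL Server falls back to a self-signed certificate.
        CertThumbprint  = $net.Certificate
    }
} | Format-Table -AutoSize

# 2. SSL 2.0 state for the server side of SCHANNEL.
$ssl2 = Get-ItemProperty -Path $ssl2Key -ErrorAction SilentlyContinue
if ($null -eq $ssl2 -or $null -eq $ssl2.Enabled) {
    'SSL 2.0 Server: no explicit Enabled value; the OS default applies'
} elseif ($ssl2.Enabled -eq 0) {
    'SSL 2.0 Server: disabled'
} else {
    'SSL 2.0 Server: ENABLED'
}

# 3. What live connections report. Any row with encrypt_option = FALSE
#    is a connection that is not encrypted.
$query = 'SELECT net_transport, encrypt_option, COUNT(*) AS connections
          FROM sys.dm_exec_connections
          GROUP BY net_transport, encrypt_option'
$conn  = New-Object System.Data.SqlClient.SqlConnection `
             "Server=$server;Database=master;Integrated Security=True"
$table = New-Object System.Data.DataTable
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $table.Load($cmd.ExecuteReader())
} finally {
    $conn.Dispose()
}
$table.Rows | Format-Table net_transport, encrypt_option, connections -AutoSize
```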