Unencrypted traffic despite encrypt=true due to TLS feature flags disablement

[willbush]

I was playing around with wireshark and comparing sql auth (username / password) on linux in this library to Microsoft.Data.SqlClient in C#.

The code I was testing just performs login / disconnect to the database in both C# and Rust.

I was puzzled as to why the traffic using Tiberius was unencryped despite me using encrypt=true in the ADO.NET connection string.

I realized it was because I used default-features = false and did not opt backin to one of the TLS feature flags:

tiberius = { version = "0.12", default-features = false, features = ["tds73", "sql-browser-tokio", "time"] }

I'm filing an issue because perhaps this should be a panic at runtime?

[tomhoule]

Hi @willbush , thanks for reporting this. I agree.

We could also error at compile time in case none of the TLS features is selected, but it is legit to not want encryption at all, and we can't know the intent before runtime, so I agree it should be a runtime error. Probably a regular error upon connecting, or do you think a panic would be preferable?

[willbush]

Sure, I think a regular error is fine.

[willbush]

we can't know the intent before runtime

Could no encryption be a opt-in feature flag? Then perhaps it could be compile time. I guess that would be an API breaking change though.