3.3.5.1 Initial State

The "Initial State" state is a prerequisite for application-layer communication, and a lower-layer channel that can provide reliable communication MUST be established. The TDS server enters the "Initial State" state when the first packet is received from the client. The packet SHOULD be a PRELOGIN packet to set up context for login or a TLS ClientHello to set up context for the TLS handshake. A Pre-Login message is indicated by the PRELOGIN (0x12) message type described in section 2. A TLS ClientHello is indicated when the first byte is equal to 0x16.

If the first packet is not a structurally correct PRELOGIN packet, or if the PRELOGIN packet does not contain the client version as the first option token, or if the first packet is not indicated to be a TLS ClientHello, the TDS server MUST close the underlying transport connection, indicate an error to the upper layer, and enter the "Final State" state.

Otherwise, the TDS server MUST do one of the following.

  • If the first packet is a PRELOGIN packet:

    • Return to the client a PRELOGIN structure wrapped in a table response (0x04) packet and enter the "TLS/SSL Negotiation" state if encryption is negotiated.

    • Return to the client a PRELOGIN structure wrapped in a table response (0x04) packet and enter unencrypted "Login Ready" state if encryption is not negotiated.

  • If the first packet is a TLS ClientHello, the TDS server MUST enter the "TLS Negotiation" state.

If a FEDAUTHREQUIRED option is contained in the PRELOGIN structure sent by the server to the client, the TDS server MUST maintain the value of the FEDAUTHREQUIRED option in a state variable to validate the LOGIN7 message with FEDAUTH FeatureId when the message arrives, as described in section 3.3.5.5.

If no FEDAUTHREQUIRED option is contained in the PRELOGIN structure sent by the server to the client, or if the value of B_FEDAUTHREQUIRED = 0, the TDS client can treat both events as equivalent and MUST remember the event in a state variable. Either state is treated the same when the state variables are examined in the "Login Ready" state (see section 3.3.5.5 for further details).

If NONCEOPT is specified in both the client PRELOGIN message and the server PRELOGIN message, the TDS server MUST maintain a state variable that includes the values of both the NONCE it sent to the client and the NONCE the client sent to it during the PRELOGIN exchange.