Release Notes
Product Description
CAKM for Microsoft SQL Server EKM provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Microsoft SQL Server Extensible Key Management (EKM). It allows the users to perform Transparent Data Encryption (TDE) as well as cell level encryption within Microsoft SQL Server while holding their keys securely and externally in the CipherTrust Manager.
Release Description
This release includes new features and bug fixes.
Features and Enhancements
Microsoft SQL Server Always On Availability Groups: Added support for high availability configurations using Always On availability groups.
Windows Server 2025: Added support for Windows Server 2025. Refer to the Supported Platforms for details.
OpenSSL 3.0.17: The bundled OpenSSL library is upgraded to version 3.0.17, incorporating the latest security enhancements.
Resolved and Known Issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Resolved Issues
| Reference | Severity | Synopsis |
|---|---|---|
| CADP-23716 | C | Problem: Incorrect Log Level message by MS_Sql_Ekm_Log parameter. |
| CADP-23542 | H | Problem: When CAKM for Microsoft SQL Server EKM is installed using the GUI, the Log_Level parameter in the properties file is not set to WARN. |
| CADP-25067 | H | Problem: When a non-existing key is requested from CipherTrust Manager, the CAKM client tries to free unallocated memory. This leads to heap corruption, causing the user to encounter an EXCEPTION_ACCESS_VIOLATION error. |
| CADP-25761 | H | Problem: After installing CAKM version 8.7.0.002, SQL Instances perform stack dump. |
| CADP-25339 CADP-2745 CADP-22005 | C | Problem: CAKM for Microsoft SQL Server EKM does not failover when CipherTrust Manager throws an UNKNOWN_SERVER_ERROR error. |
| CADP-25859 | H | Problem: Exception c000000d EXCEPTION_INVALID_CRT_PARAMETER occurs when calling the cryptographic provider. |
| CADP-25143 | C | Problem: Impact of EXCEPTION_ACCESS_VIOLATION errors on performance of CAKM for Microsoft SQL Server EKM. |
| CADP-26617 | H | Problem: OpenSSL vulnerabilities CVE-2024-9143 and CVE-2024-13176. |
| CADP-26329 | H | Problem: SQL database instance goes in the Recovery Pending state during the CipherTrust Manager upgrade. |
| CADP-26384 CADP-26346 | C | Problem: MSSQL (2019/2016) Database instance crashes when dropping the symmetric key using the REMOVE PROVIDER KEY option in the DROP query, causing an EXCEPTION_INVALID_CRT_PARAMETER error. |
| CADP-26973 | H | Problem: CAKM DLL crashes causing MSSQL databases to enter into Recovery Pending mode. |
Known Issues
| Reference | Severity | Synopsis |
|---|---|---|
| CADP-21929 | H | Problem: In daily log rotation, the rotated log file is named using the current date timestamp, but it contains the logs from the previous day. |
| CADP-22539 | M | Problem: The log file may grow larger than the configured size limit before rotating. |
Supported Product Versions
Microsoft SQL Server
Note
MSSQL server must be updated to the latest patch.
MSSQL Server 2022
MSSQL Server 2019
MSSQL Server 2017
MSSQL Server 2016
CAKM for Microsoft SQL Server EKM also supports Microsoft SQL Server Always On Availability Groups.
Supported CipherTrust Manager
- CipherTrust Manager LTS version 2.11.1 and higher
Note
Migration from VKM to CAKM for Microsoft SQL Server EKM provider is supported from CipherTrust Manager 2.5.2 and higher.
Supported Platforms
Windows Server 2025, 64-bit
Windows Server 2022, 64-bit
Windows Server 2019, 64-bit
Windows Server 2016, 64-bit
Upgrade Paths
CAKM for Microsoft SQL Server EKM provider can be upgraded from:
Upgrade Path Upgrade Path SafeNet MSSQL EKM Provider CAKM for Microsoft SQL Server EKM provider 8.5.0 or higher Note
Upgrade is validated from SafeNet EKM 8.4.0 and higher.
VKM to CAKM for Microsoft SQL Server EKM provider
Upgrade Path Upgrade Path VKM 6.4.0 or higher CAKM for Microsoft SQL Server EKM provider 8.5.0 or higher DSM 6.4.5 or higher CipherTrust Manager 2.5.2 and higher
