Determine TLS version from established SqlConnection

For the benefit of anybody who stumbles accross this question looking for a solution to the same problem, the comment posted by Ed Harper is correct - I don't think there's a way to determine the TLS version in use by a connection from within SQL Server. You might have to resort to packet capture to determine the TLS version.

When using .NET 4.5 and above, TLS 1.2 is supported, and if a connection is established to a service which explicitly specifies TLS 1.2, the connection should work correctly.

As TLS applies to the transport OSI layer, packet capture is the correct way to confirm the TLS version, as described in the link also posted by Ed Harper - https://networkengineering.stackexchange.com/questions/20227/find-ssl-version-in-tcp-packets-in-established-tcp-connection

As our code is written for .NET 4.5, the switch to enforcing TLS 1.2 did not require any code changes.

You can get the TLS version for existing connection with extended events

https://support.microsoft.com/en-au/help/3191296/update-extends-the-trace-extended-event-with-security-protocol-handsha