diff --git a/docs/src/main/sphinx/connector/sqlserver.rst b/docs/src/main/sphinx/connector/sqlserver.rst
index 3b2dd87b4b43..ddf04281ad80 100644
--- a/docs/src/main/sphinx/connector/sqlserver.rst
+++ b/docs/src/main/sphinx/connector/sqlserver.rst
@@ -30,7 +30,7 @@ appropriate for your setup:
 .. code-block:: properties
 
     connector.name=sqlserver
-    connection-url=jdbc:sqlserver://<host>:<port>;database=<database>
+    connection-url=jdbc:sqlserver://<host>:<port>;database=<database>;encrypt=false
     connection-user=root
     connection-password=secret
 
@@ -49,20 +49,21 @@ properties files.
 Connection security
 ^^^^^^^^^^^^^^^^^^^
 
-If you have TLS configured with a globally-trusted certificate installed on your
-data source, you can enable TLS between your cluster and the data
-source by appending a parameter to the JDBC connection string set in the
-``connection-url`` catalog configuration property.
+The JDBC driver, and therefore the connector, automatically use Transport Layer
+Security (TLS) encryption and certificate validation. This requires a suitable
+TLS certificate configured on your SQL Server database host.
 
-For example, with the JDBC driver for SQL Server 2019, enable TLS by appending
-the ``encrypt=true`` parameter to the ``connection-url`` configuration property:
+If you do not have the necessary configuration established, you can disable
+encryption in the connection string with the ``encrypt`` property:
 
 .. code-block:: properties
 
-  connection-url=jdbc:sqlserver://<host>:<port>;database=<database>;encrypt=true
+  connection-url=jdbc:sqlserver://<host>:<port>;database=<database>;encrypt=false
 
-For more information on TLS configuration options, see the `SQL Server JDBC
-driver documentation <https://docs.microsoft.com/en-us/sql/connect/jdbc/building-the-connection-url>`_.
+Further parameters like ``trustServerCertificate``, ``hostNameInCertificate``,
+``trustStore``, and ``trustStorePassword`` are details in the `TLS section of
+SQL Server JDBC driver documentation
+<https://docs.microsoft.com/en-us/sql/connect/jdbc/using-ssl-encryption>`_.
 
 Multiple SQL Server databases or servers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/plugin/trino-sqlserver/src/test/java/io/trino/plugin/sqlserver/TestingSqlServer.java b/plugin/trino-sqlserver/src/test/java/io/trino/plugin/sqlserver/TestingSqlServer.java
index 27aa55e5aaec..ebf622c699e8 100644
--- a/plugin/trino-sqlserver/src/test/java/io/trino/plugin/sqlserver/TestingSqlServer.java
+++ b/plugin/trino-sqlserver/src/test/java/io/trino/plugin/sqlserver/TestingSqlServer.java
@@ -135,6 +135,10 @@ public String getUsername()
         // enable case sensitive (see the CS below) collation for SQL identifiers
         container.addEnv("MSSQL_COLLATION", "Latin1_General_CS_AS");
 
+        // TLS and certificate validation are on by default, and need
+        // to be disabled for tests.
+        container.withUrlParam("encrypt", "false");
+
         Closeable cleanup = startOrReuse(container);
         try {
             setUpDatabase(sqlExecutorForContainer(container), databaseName, databaseSetUp);
diff --git a/pom.xml b/pom.xml
index 513a6be764e9..580763a95439 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1100,7 +1100,7 @@
             <dependency>
                 <groupId>com.microsoft.sqlserver</groupId>
                 <artifactId>mssql-jdbc</artifactId>
-                <version>9.4.1.jre11</version>
+                <version>10.2.0.jre11</version>
             </dependency>
 
             <dependency>
diff --git a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/singlenode-sqlserver/sqlserver.properties b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/singlenode-sqlserver/sqlserver.properties
index a3fcfe55d80c..69f98887e2a0 100644
--- a/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/singlenode-sqlserver/sqlserver.properties
+++ b/testing/trino-product-tests-launcher/src/main/resources/docker/presto-product-tests/conf/environment/singlenode-sqlserver/sqlserver.properties
@@ -1,5 +1,5 @@
 connector.name=sqlserver
-connection-url=jdbc:sqlserver://sqlserver
+connection-url=jdbc:sqlserver://sqlserver;encrypt=false
 connection-user=sa
 connection-password=SQLServerPass1
 allow-drop-table=true
diff --git a/testing/trino-product-tests/src/main/resources/tempto-configuration.yaml b/testing/trino-product-tests/src/main/resources/tempto-configuration.yaml
index 8b83558543a6..ebd743630d29 100644
--- a/testing/trino-product-tests/src/main/resources/tempto-configuration.yaml
+++ b/testing/trino-product-tests/src/main/resources/tempto-configuration.yaml
@@ -134,7 +134,7 @@ databases:
 
   sqlserver:
     jdbc_driver_class: com.microsoft.sqlserver.jdbc.SQLServerDriver
-    jdbc_url: jdbc:sqlserver://sqlserver
+    jdbc_url: jdbc:sqlserver://sqlserver;encrypt=false
     jdbc_user: sa
     jdbc_password: SQLServerPass1
     jdbc_pooling: true
diff --git a/testing/trino-server-dev/etc/catalog/sqlserver.properties b/testing/trino-server-dev/etc/catalog/sqlserver.properties
index d38c832a7a82..92258e55d312 100644
--- a/testing/trino-server-dev/etc/catalog/sqlserver.properties
+++ b/testing/trino-server-dev/etc/catalog/sqlserver.properties
@@ -1,4 +1,4 @@
 connector.name=sqlserver
-connection-url=jdbc:sqlserver://sqlserver
+connection-url=jdbc:sqlserver://sqlserver;encrypt=false
 connection-user=sa
 connection-password=SQLServerPass1