TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS...
Last post Feb 14, 2021 07:39 PM by markm75
Feb 14, 2021 06:46 PM | markm75
We have a production AWS IIS server; on this server it's configured the same way as our bare bones staging/test server.
In both cases we applied the TLS 1.0 and 1.1 disabled registry code to disable those and applied the cipher order in gpedit to ensure it's up to 1.2 standards (found on many guides online).
The strange part is, the production server ASP that has legacy code and uses a connect string like:
Provider=SQLOLEDB.1 encrypt=true;trustServerCertificate=true and points to the AWS RDS SQL Server address and db, will throw an error.
What we get is:
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.
Now I'm guessing this IS the expected behavior.
However, the same exact ASP code run on the staging/test box works fine, no error.
I've used IIS Crypto to compare and I don't see a difference.
Devs and myself (more IT admin here) are all baffled by the fact that it works on the test box.
Has anyone run into this and have any ideas?
Thanks in advance
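Added example, not part of the original posts: a PowerShell inventory of the SCHANNEL protocol registry values that "disable TLS 1.0/1.1" changes usually set, so the production and staging servers can be compared value by value. It reports the Client subkeys as well as Server, because the ASP page is the TLS client toward the database; the function names and CSV file names are made up for illustration.

```powershell
# Added example (not from the thread): report the SCHANNEL protocol registry
# values on this machine so the output of two servers can be compared.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelValue {
    # Returns the registry value if present, otherwise the string 'not set'
    # (an absent key or value means the OS default applies).
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    return $item.$Name
}

function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key = "$SchannelRoot\$p\$r"
            [pscustomobject]@{
                Computer          = $env:COMPUTERNAME
                Protocol          = $p
                Role              = $r
                Enabled           = Get-SchannelValue -Key $key -Name 'Enabled'
                DisabledByDefault = Get-SchannelValue -Key $key -Name 'DisabledByDefault'
            }
        }
    }
}

# Run on each server; the CSV file name is a placeholder.
Get-SchannelProtocolState |
    Export-Csv -Path ".\schannel-$env:COMPUTERNAME.csv" -NoTypeInformation

# Then, with both CSVs in one folder (file names below are placeholders):
# Compare-Object (Import-Csv .\schannel-PROD.csv) (Import-Csv .\schannel-STAGE.csv) `
#     -Property Protocol, Role, Enabled, DisabledByDefault
```

Rows that differ between the two files, or that read "not set" on one server only, show where the two machines are not actually configured the same way.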
Feb 14, 2021 07:39 PM | markm75
So apparently, after updating 2019 server to the very very latest updates of .1757, suddenly the TLS 1.0 commands of this ASP page WORK.
My question is why.
The updates applied were:
KB890830 malicious software removal
KB4601887 cumulative update for .NET Frameworks (Feb 2021)
KB4535680 security update for 2019
KB4580325 security update for Flash Player
I'm guessing maybe the .NET Framework one; however, if TLS 1.0 is off, this ASP code should not work, or so I thought.
The final version that worked was