TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?RSS

• • Reply
  markm75

  4 Posts

  TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?

  Feb 14, 2021 06:46 PM|markm75|LINK

  We have a production AWS IIS server, on this server its configured the same way as our bare bones staging/test server

  In both cases we applied the TLS 1.0 and 1.1 disabled registry code to disable those and applied the cipher order in gpedit to ensure its up to 1.2 standards (found on many guides online).

  The strange part is, the production server asp that has legacy code and uses a connect string like:
  Provider=SQLOLEDB.1  encrypt=true;trustServerCertificate=true   and points to the aws RDS sql server address and db, will throw an error. 

  What we get is:

  [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

  Now im guessing this IS the expected behavior.

  However, the same exact asp code ran on the staging/test box works fine, no error.

  I've used IIS crypto to compare and i dont see a difference.

  Devs and myself (more IT admin here) are all baffled by the fact that it works on the test box.
  Has anyone ran into this and have any ideas?

  Thanks in advance

• • Reply
  markm75

  4 Posts

  Re: TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?

  Feb 14, 2021 07:39 PM|markm75|LINK

  So apparently, after updating 2019 server to the very very latest updates of .1757, suddenly the TLS 1.0 commands of this asp page WORK.

  My question is why.

  The updates applied were:
  
  KB890830 malicious software removal

  KB4601887 Cumulative update for .net frameworks (feb 2021)

  KB4535680 security update for 2019

  and

  KB4580325 security update for flash player.

  Im guessing maybe the .net framework one however, if tls 1.0 is off, this asp code should not work, or so i thought.

  The final version that worked was 

  <div>1809 17763.1757</div>