We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?RSS

1 reply

Last post Feb 14, 2021 07:39 PM by markm75

  • TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?

    Feb 14, 2021 06:46 PM|markm75|LINK

    We have a production AWS IIS server, on this server its configured the same way as our bare bones staging/test server

    In both cases we applied the TLS 1.0 and 1.1 disabled registry code to disable those and applied the cipher order in gpedit to ensure its up to 1.2 standards (found on many guides online).

    The strange part is, the production server asp that has legacy code and uses a connect string like:
    Provider=SQLOLEDB.1  encrypt=true;trustServerCertificate=true   and points to the aws RDS sql server address and db, will throw an error. 

    What we get is:

    [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

    Now im guessing this IS the expected behavior.

    However, the same exact asp code ran on the staging/test box works fine, no error.

    I've used IIS crypto to compare and i dont see a difference.

    Devs and myself (more IT admin here) are all baffled by the fact that it works on the test box.
    Has anyone ran into this and have any ideas?

    Thanks in advance

  • Re: TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?

    Feb 14, 2021 07:39 PM|markm75|LINK

    So apparently, after updating 2019 server to the very very latest updates of .1757, suddenly the TLS 1.0 commands of this asp page WORK.

    My question is why.

    The updates applied were:

    KB890830 malicious software removal

    KB4601887 Cumulative update for .net frameworks (feb 2021)

    KB4535680 security update for 2019

    and

    KB4580325 security update for flash player.

    Im guessing maybe the .net framework one however, if tls 1.0 is off, this asp code should not work, or so i thought.

    The final version that worked was 

    <div>1809 17763.1757</div>