TLS 1.2 only mode on 2019 server and Provider=SQLOLEDB.1 asp with IIS works?

  • Question

  • User-812859652 posted

    We have a production AWS IIS server; this server is configured the same way as our bare-bones staging/test server.

    In both cases we applied the registry code that disables TLS 1.0 and 1.1, and applied the cipher order in gpedit to ensure it's up to 1.2 standards (found in many guides online).

    The strange part is, the production server ASP that has legacy code and uses a connect string like:
    Provider=SQLOLEDB.1  encrypt=true;trustServerCertificate=true   and points to the AWS RDS SQL Server address and db, will throw an error.

    What we get is:

    [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

    Now I'm guessing this IS the expected behavior.

    However, the same exact ASP code run on the staging/test box works fine, no error.

    I've used IIS Crypto to compare and I don't see a difference.

    Devs and myself (more IT admin here) are all baffled by the fact that it works on the test box.
    Has anyone run into this and have any ideas?

    Thanks in advance

    Sunday, February 14, 2021 6:46 PM

All replies

  • User-812859652 posted

    So apparently, after updating the 2019 server to the very very latest updates of .1757, suddenly the TLS 1.0 commands of this ASP page WORK.

    My question is why.

    The updates applied were:

    KB890830 malicious software removal

    KB4601887 Cumulative update for .net frameworks (feb 2021)

    KB4535680 security update for 2019

    KB4580325 security update for flash player.

    I'm guessing maybe the .NET Framework one; however, if TLS 1.0 is off, this ASP code should not work, or so I thought.

    The final version that worked was 

    1809 17763.1757

    Sunday, February 14, 2021 7:39 PM
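
One way to make the production/staging comparison from the question repeatable is to snapshot the SCHANNEL protocol values, the Group Policy cipher order and the OS build on each server. This is an added example, not code from the thread; the output file path is an assumption. It reads the Client subkeys as well as the Server ones, because the outbound OLE DB connection to SQL Server uses the client side of SCHANNEL.

```powershell
# Added example: snapshot the SCHANNEL protocol settings so two servers can be diffed.
# A value reported as "(not set)" is absent from the registry, so the OS default applies.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

$rows = foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    # Server = inbound (IIS); Client = outbound (the connection to SQL Server)
    foreach ($role in 'Server', 'Client') {
        $key   = Join-Path $base "$proto\$role"
        $props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $value = if ($props -and $null -ne $props.$name) { $props.$name } else { '(not set)' }
            [pscustomobject]@{
                Setting = "$proto\$role\$name"
                Value   = "$value"
            }
        }
    }
}

# Cipher suite order pushed by Group Policy (the gpedit setting mentioned in the question)
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$functions = if (Test-Path $policyKey) { (Get-ItemProperty -Path $policyKey).Functions } else { $null }
$rows += [pscustomobject]@{
    Setting = 'CipherSuiteOrderPolicy'
    Value   = if ($functions) { $functions -join ',' } else { '(not set)' }
}

# OS build with update revision (UBR), i.e. the part after the dot in 17763.1757
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$rows += [pscustomobject]@{
    Setting = 'OSBuild'
    Value   = "$($cv.CurrentBuild).$($cv.UBR)"
}

# Output path is an assumption; one CSV per server, named after the machine
$out = Join-Path $env:TEMP "schannel-$env:COMPUTERNAME.csv"
$rows | Export-Csv -Path $out -NoTypeInformation
$rows | Format-Table -AutoSize
```

Run it on both servers, copy the two CSV files to one machine, and compare them with `Compare-Object (Import-Csv <prod.csv>) (Import-Csv <staging.csv>) -Property Setting, Value`; any row it returns is a setting that differs between the boxes.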