All geek questions in one place

Does Microsoft OLE DB Provider for SQL Server Provide TLS 1.2 Support

Our client has recently upgraded from TLS 1.0 to TLS 1.2, and after that our software cannot connect to the SQL server. It uses the OLE DB provider to connect to the SQL server. The following is the error returned from the SQL server -

[DBNETLIB] [ConnectionOpen SECDoClientHandshake ()] SSL Security Error SQL State: 08001 SQL Error Number: 18

Could not find useful information about whether the Microsoft OLE DB provider for SQL Server supports TLS 1.2 or not.

One of the links found seems to be unsupported. https://forums.iis.net/t/1233674.aspx?connecing+SQL+server+DB+issue+after+installingTLS1+2+in+SQL+srver+with+classic+asp+application+

Therefore, you need to check on stackoverflow if anyone has any info on this.

+9
source share
3 answers

The SQLOLEDB provider and the SQL Server ODBC driver that ships with Windows are legacy components that are provided for backward compatibility only. They are deprecated since SQL 2005.

According to this MSSQL Tiger Team blog post :

SQLOLEDB will not receive support for TLS 1.2. You will need to switch the driver to one of the supported drivers listed at https://support.microsoft.com/en-us/kb/3135244

You should be able to install SQL Server Native Client 2012 and use this OLE DB provider only with a change in the connection string (change Provider=SQLOLEDB to Provider=SQLNCLI11 ). Of course, it is worth checking once to avoid surprises. For example, I remember someone experiencing differences in behavior with the SQL Server native client provider and the classic ADO when using server API cursors, although the commonly used fire cursors were good.

EDIT

A new OLE DB driver, MSOLEDBSQL , has been released. This new driver includes support for the latest TLS 1.2 standards and is backward compatible with SQL Server 11 Native Client (SQLNCLI11). See Microsoft SQLNCLi Team Blog Announcement .

+16
source

This may not be a solution for you, as it will be a correction in the future that your client may not wait for, but it seems that Microsoft is ignoring the OLEDB driver with a new version that supports TLS 1.2 outside Q1 2018: https: // blogs. msdn.microsoft.com/sqlnativeclient/2017/10/06/announcing-the-new-release-of-ole-db-driver-for-sql-server/

The new Microsoft OLE DB driver for SQL Server, or msoledbsql, will also introduce multi-subnet forwarding capabilities in this first upcoming release and supports the latest TLS 1.2 standards.

Additionally, this first upcoming release will be a standalone installation package that is out-of-band with the SQL Server life cycle. It also means the driver will not be packaged in the SNAC library and will not be associated with any other driver.

+8
source

The following changes, on my part, fixed the problem after updating TLS1.2 in the Azure cloud -

  • change Provider=SQLOLEDB to Provider=SQLNCLI11
  • upgrade ADODB to Microsoft ActiveX Data Objects 6.0
0
source

Source: https://habr.com/ru/post/1271446/

More articles:


All Articles