Classic ASP site can't connect to SQL Server when TLS1.0 and older are disabled

Question

I have a classic ASP site that accesses a SQL Server 2008 R2 database (which resides on a separate server) and when I disable TLSv1.0 and SSLv3.0, my site displays an error stating that: "Microsoft SQL Server Native Client 11.0 error '80004005'

Encryption not supported on the client."

I first read this: http://blogs.sqlsentry.com/aaronbertrand/tls-1-2-support-read-first/, then applied all applicable server and client patches as instructed here https://support.microsoft.com/en-us/kb/3135244, and attempted the fix as described here Classic ASP Outbound TLS 1.2 to no avail.

I also found that when I use FIPS compliant encryption algorithms, as seen here https://dba.stackexchange.com/a/99129, this site resolves, but the other non-classic ASP sites on this server do not.

Any ideas on how I can correct this?

Answer 1

You can accomplish this by setup recent MS OLE DB or ODBC driver on server with your application and slightly change connection string to DB.

Option 1 - MS OLE DB Driver

• 1) Install drivers Microsoft OLE DB Driver 18 for SQL Server (18 was recent version for the moment) https://www.microsoft.com/en-us/download/confirmation.aspx?id=56730

• 2) Change connection string to have Provider=MSOLEDBSQL:

  "Provider=MSOLEDBSQL;Server=*****;Database=*****;Uid=*****;Pwd=*****;"

Option 2 - MS ODBC Driver

• 1) Install Microsoft ODBC Driver 17 for SQL Server (version 17 for the moment) https://www.microsoft.com/en-us/download/details.aspx?id=56567

• 2) Change connection string to have Driver={ODBC Driver 17 for SQL Server}

  "Driver={ODBC Driver 17 for SQL Server};Server=*****;Database=*****;Uid=*****;Pwd=*****;"