Classic ASP switch to TLS 1.2

I recently came across a failed PCI scan for one of our clients.  This failure was due to TLS 1.0 being enabled on that Windows server.

We ran IISCRYPTO (link) and disabled TLS.

Upon restarting the server, the Classic ASP site threw the following error:

Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error

That error is because the web server is no longer using TLS 1.0 and the Classic ASP application (web site) is using too old of a driver on the server, to communicate with TLS 1.1 and/or 1.2.

To get around this, go download the latest ODBC driver from Microsoft, which is version 13.1 as of today.  You will most likely need to install the 32-bit version (as most ASP apps run in 32 bit mode).  Link here

Install that driver.

then go to your Windows server, Administrative tools and open the ODBC Data Sources (32-bit)

The 32-bit ODBC Administrator is found here: C:\Windows\SysWOW64\odbcad32.exe

go to the SYSTEM tab

add a new data source

Pick “ODBC DRIVER 13 for SQL Server”… (hit finish)

 

put in the name (no spaces or punctuation)

server name (or IP address) (NEXT)

 

authentication (USE SQL server auth, enter the LoginID and PW) (NEXT)

 

continue, then test the connection (it should work).

go to your Classic ASP application.

 

 

You will need to update the connection string to this:

DSN=YourNewSystemDSNName;Uid=YourSQLUsernameHere;Pwd=SQLpassword;

You can now use IISCrypto and disable TLS 1.0

Reboot the server

re-test your Classic ASP app and now you should be up and running on TLS 1.1 or 1.2

 

 

 

 

2 comments

  • Gary R

    Do you need to create the new DNS if you are specifying the entire connection information in your application? For our applications, every site connects to different servers and/or databases so we need to specify the entire connection string. Currently we are providing it like this: “”PROVIDER=SQLOLEDB;SERVER=SERVER_IP_ADDRESS;UID=USERNAME;PWD=PASSWORD;DATABASE=DATABASE_NAME”

  • James G

    Really helpful article. Was at a loss to even explain why I was seeing this error when no code or db changes had been made to the server.

    [Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error

    This was a clear article with helpul links to downloads as well. Top marks.

Leave a Reply

Your email address will not be published. Required fields are marked *