Classic ASP switch to TLS 1.2
I recently came across a failed PCI scan for one of our clients. This failure was due to TLS 1.0 being enabled on that Windows server.
We ran IISCRYPTO (link) and disabled TLS.
Upon restarting the server, the Classic ASP site threw the following error:
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error
That error is because the web server is no longer using TLS 1.0 and the Classic ASP application (web site) is using too old of a driver on the server, to communicate with TLS 1.1 and/or 1.2.
To get around this, go download the latest ODBC driver from Microsoft, which is version 13.1 as of today. You will most likely need to install the 32-bit version (as most ASP apps run in 32 bit mode). Link here
Install that driver.
then go to your Windows server, Administrative tools and open the ODBC Data Sources (32-bit)
The 32-bit ODBC Administrator is found here: C:\Windows\SysWOW64\odbcad32.exe
go to the SYSTEM tab
add a new data source
Pick “ODBC DRIVER 13 for SQL Server”… (hit finish)
put in the name (no spaces or punctuation)
server name (or IP address) (NEXT)
authentication (USE SQL server auth, enter the LoginID and PW) (NEXT)
continue, then test the connection (it should work).
go to your Classic ASP application.
You will need to update the connection string to this:
You can now use IISCrypto and disable TLS 1.0
Reboot the server
re-test your Classic ASP app and now you should be up and running on TLS 1.1 or 1.2