sql-serversqloledb

Is sqloledb actually using MSOLEDBSQL on Windows Server 2019


A legacy piece of software using the provider "sqloledb.1" via the OleDbConnection Class (System.Data.OleDb.dll) is still working on Windows Server 2019 with TLS1.2. Whereas on Server 2016 or 2012 R2 with TSL1.2 it is not?

Windows Server 2016 gets the following error, which is expected as it is using the sqloledb which doesn't support TLS1.2. This is well known as seen here.

[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.

Windows Server 2019 works and I do not know why. Is it struggling to find the sqloledb and defaulting to the new driver (MSOLEDBSQL) that supports TLS1.2?

All servers have the same version of the Microsoft OLE DB Driver for SQL Server installed, 18.5.

Tried different versions of SQL server, 2017 and 2019.

Update

sqloledb.dll properties showing the version information

Server 2019

sqloledb Server 2019

Server 2016

enter image description here


Solution

  • sqloledb is part of Windows, and it was recently updated to support TLS 1.2. See KB4580390:

    Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Microsoft Data Access Components (MDAC).

    So as of "Windows 10, version 1809, Windows Server version 1809" (OS Build 17763.1554) this should work.

    Testing locally on Windows 10 20H2 running

    static void Main(string[] args)
    {
    
        using (var con = new OleDbConnection("Provider=sqloledb;data source=localhost;trusted_connection=yes;Network Library=DBMSSOCN"))
        {
            con.Open();
            Console.WriteLine("Hello");
            Console.ReadKey();
        }
    }
    

    Where protocol encryption is forced on the server:

    enter image description here

    And capturing this XEvent:

    CREATE EVENT SESSION [tls] ON SERVER 
    ADD EVENT sqlsni.sni_trace(
        WHERE ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%')))
    

    Captured this debug message:

    text    SNISecurity Handshake Handshake succeeded. Protocol: TLS1.2 (1024), Cipher: AES 256 (26128), Cipher Strength: 256, Hash: SHA 384 (32781), Hash Strength: 0, PeerAddr: 127.0.0.1