SSL Security Error for Microsoft SQL Driver


SSL-related errors on a Microsoft SQL database connection commonly appear after the SQL server’s TLS ciphers have been updated (such as removing an older TLS version like 1.0 or 1.1), or after moving from one server environment to a new environment.

Whichever case you might fall under, we can assure you that this issue is easy to overcome.

Most Microsoft SQL connection strings use an older driver than they really should, depending on how well the developer of the site(s) in question keeps up with best practices. If this is the case, then updating the driver your site uses is important.

Why would I need to update the SQL driver my site uses?

A majority of the tickets we have received on this particular topic have been due to the website’s code using an older {SQL Server} driver. For example, a common driver we see sites use was last updated on 11/24/2014.

As you can imagine, there have been a lot of changes since that date. An older driver that hasn’t been updated might not have newer security features and may not be able to communicate with servers that require a higher-security connection, such as a later version of TLS.

We commonly see the following error from customers that migrate to us from providers that use an older SQL driver:

[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error

The above uses an older ODBC SQL Server Driver, which hasn’t received updates for many, many years. The connection fails in the above example because the web server attempts to use the SQL driver with an older TLS cipher suite, and the newer server, which requires a newer and more secure connection, does not accept the connection on the older TLS version.

How can I resolve these SQL Driver errors?

In most cases, such as on our shared servers, a newer SQL driver is already installed on the server and only needs to be put to use by updating the code of your website.

On our shared servers, for example, we have the latest (at the time of this article’s creation) official Microsoft SQL driver (Microsoft ODBC Driver 17 for SQL Server) installed. You can use it by updating your code to refer to the newer driver, as in the example below:

Example:

Change From:

strCnn = "Driver={SQL Server};Server=[DBServer];UID=[DBUser];PWD=[DBPassword];Database=[DBName]"

Change To:

strCnn = "Driver={ODBC Driver 17 for SQL Server};Server=[DBServer];UID=[DBUser];PWD=[DBPassword];Database=[DBName]"

In the above example, we changed our code from the older SQL driver to the newer Microsoft ODBC Driver 17 for SQL Server. This should be installed on all of our shared web servers, as well as all newer dedicated server environments. If your dedicated server environment doesn’t have it installed, you can download the installer here and run it on your server, or you can contact our team and we’ll take care of this for you.
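
To find every place a site still references the older driver, the following added example (not code from the original article) parses ODBC connection strings found in source text, flags the {SQL Server} driver, and produces the rewritten string. The function names and the sample input are assumptions made for this illustration.

```python
import re

# Driver names come from the article; treating them as sets is this example's choice.
LEGACY_DRIVERS = {"sql server"}
TARGET_DRIVER = "ODBC Driver 17 for SQL Server"

# One "key=value" attribute; a value wrapped in {...} may itself contain ';'.
_ATTR = re.compile(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)\s*(?:;|$)")

def parse_conn_string(conn):
    """Split an ODBC connection string into an ordered list of (key, value)."""
    return [(m.group(1), m.group(2).strip()) for m in _ATTR.finditer(conn)]

def driver_of(conn):
    """Return the driver name without braces, or None if no Driver= attribute."""
    for key, value in parse_conn_string(conn):
        if key.lower() == "driver":
            return value.strip("{}").strip()
    return None

def upgrade_driver(conn):
    """Rewrite a legacy Driver= attribute to TARGET_DRIVER, keeping the rest."""
    out = []
    for key, value in parse_conn_string(conn):
        if key.lower() == "driver" and value.strip("{}").strip().lower() in LEGACY_DRIVERS:
            value = "{" + TARGET_DRIVER + "}"
        out.append(f"{key}={value}")
    return ";".join(out)

# Double-quoted string literals that contain a Driver= attribute (VBScript/ASP style).
_LITERAL = re.compile(r'"([^"\r\n]*\bdriver\s*=[^"\r\n]*)"', re.IGNORECASE)

def find_legacy(source):
    """Return (line_number, connection_string) for each legacy driver reference."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in _LITERAL.finditer(line):
            name = driver_of(m.group(1))
            if name and name.lower() in LEGACY_DRIVERS:
                hits.append((lineno, m.group(1)))
    return hits

# Constructed sample source, modelled on the article's "Change From" line.
SAMPLE = '''strCnn = "Driver={SQL Server};Server=[DBServer];UID=[DBUser];PWD=[DBPassword];Database=[DBName]"
strOk = "driver={ODBC Driver 17 for SQL Server};Server=[DBServer];Database=[DBName]"'''

if __name__ == "__main__":
    for lineno, conn in find_legacy(SAMPLE):
        print(f"line {lineno}: {driver_of(conn)!r} -> {upgrade_driver(conn)}")
```

Pass find_legacy the contents of each page or include file in the site; only the Driver attribute is changed, and every other attribute is emitted in its original order.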

In addition to the Microsoft ODBC Driver 17 mentioned above, we also have the below two drivers installed on all of our shared web servers:

  • OLEDB version 18
  • SQL Native Client (Version with TLS 1.2 support installed)

Additional Troubleshooting

If the connection to the data instance still fails with the SSL-related error, even after the SQL driver has been updated, then the next things to check are:

  1. What SQL Server version are you using? If you are using an older version that doesn’t support newer TLS versions, then you may need to upgrade SQL. For example, see the Microsoft SQL article that explains which build versions started supporting TLS 1.2. If you’re using an SQL build earlier than those mentioned in the article… then you might need to upgrade SQL to take advantage of TLS 1.2 and allow proper connections from the website.

  2. Check the TLS versions enabled on both the web server and the SQL DB server. If using the latest SQL driver (Microsoft ODBC Driver 17 for SQL Server), then you’ll want to make sure TLS 1.2 is enabled and allowed for connections on both servers.

  3. If updating the driver doesn’t work, and the SQL version and TLS ciphers are set correctly, then feel free to contact our team to begin troubleshooting the connection further.