Is sqloledb actually using MSOLEDBSQL on Windows Server 2019

Question

A legacy piece of software using the provider "sqloledb.1" via the OleDbConnection Class (System.Data.OleDb.dll) is still working on Windows Server 2019 with TLS1.2. Whereas on Server 2016 or 2012 R2 with TSL1.2 it is not?

Windows Server 2016 gets the following error, which is expected as it is using the sqloledb which doesn't support TLS1.2. This is well known as seen here.

[DBNETLIB][ConnectionOpen (SECCreateCredentials()).]SSL Security error.

Windows Server 2019 works and I do not know why. Is it struggling to find the sqloledb and defaulting to the new driver (MSOLEDBSQL) that supports TLS1.2?

All servers have the same version of the Microsoft OLE DB Driver for SQL Server installed, 18.5.

Tried different versions of SQL server, 2017 and 2019.

Update

sqloledb.dll properties showing the version information

Server 2019

Server 2016

Answer 1

SQL Server OLE DB Providers

OLE DB Provider	Description	Available with	Minimum SQL Server	Max TLS	Installed with	Status (As of Q3 2022)
SQLOLEDB	"Microsoft OLE DB Provider for SQL Server"	Windows 2000	SQL Server 7.0 (70)	TLS 1.0	Windows (MDAC)	Deprecated
SQLOLEDB (2021 update)	"Microsoft OLE DB Provider for SQL Server"	Windows 10 1809+	SQL Server 7.0 (70) (SQL Server 2008+ needed for TLS 1.2)	TLS 1.2	Windows (MDAC)	Deprecated
SQLNCLI	"SQL Server Native Client" ("SNAC")	SQL Server 2005	SQL Server 7.0 (70)	TLS 1.1Note 1	Manually	Deprecated
SQLNCLI10	"SQL Server Native Client 10.0"	SQL Server 2008	SQL Server 2000 (80)	TLS 1.2	Manually	Deprecated
SQLNCLI10 (2020 update)	"SQL Server Native Client 10.0"		SQL Server 2000 (80) (SQL Server 2008+ needed for TLS 1.2)	TLS 1.2	Manually	Deprecated
SQLNCLI11	"SQL Server Native Client 11.0"	SQL Server 2012	SQL Server 2005 (90)	TLS 1.2	Manually	Deprecated
SQLNCLI11 (2018 update)	"SQL Server Native Client 11.0"		SQL Server 2005 (90) (SQL Server 2008+ needed for TLS 1.2)	TLS 1.2	Manually	Deprecated
MSOLEDBSQL	"Microsoft OLE DB Driver for SQL Server"	2017 Announcement	SQL Server 2012 (110) (SQL Server 2016+ needed for TLS 1.3)	TLS 1.3	Manually	Current
MSOLEDBSQL19	"Microsoft OLE DB Driver 19 for SQL Server"	SQL Server 2019	SQL Server 2012 (110) (SQL Server 2016+ needed for TLS 1.3)	TLS 1.3	Manually	Current

Note 1: The original SQLNCLI for SQL Server 2005 supports TLS 1.1 "for free" when the SChannel system on both the Server and Client machines supports TLS 1.1, even though TLS 1.1 was released in 2006 after SQL Server 2005.

Answer 2

As far as I could read in the Internet the native client is faster than the MSOLEDBSQL driver when working with ADO as OleDB is a different layer in between.

Answer 3

sqloledb is part of Windows, and it was recently updated to support TLS 1.2. See KB4580390:

Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Microsoft Data Access Components (MDAC).

So as of "Windows 10, version 1809, Windows Server version 1809" (OS Build 17763.1554) this should work.

Testing locally on Windows 10 20H2 running

static void Main(string[] args)
{

    using (var con = new OleDbConnection("Provider=sqloledb;data source=localhost;trusted_connection=yes;Network Library=DBMSSOCN"))
    {
        con.Open();
        Console.WriteLine("Hello");
        Console.ReadKey();
    }
}

Where protocol encryption is forced on the server:

And capturing this XEvent:

CREATE EVENT SESSION [tls] ON SERVER 
ADD EVENT sqlsni.sni_trace(
    WHERE ([sqlserver].[like_i_sql_unicode_string]([text],N'%Handshake%')))

Captured this debug message:

text    SNISecurity Handshake Handshake succeeded. Protocol: TLS1.2 (1024), Cipher: AES 256 (26128), Cipher Strength: 256, Hash: SHA 384 (32781), Hash Strength: 0, PeerAddr: 127.0.0.1