dcsimg
www.webdeveloper.com
Results 1 to 4 of 4

Thread: ServerXMLHTTP.6.0 || WinHttpRequest connecting to TLS 1.2 server

  1. #1
    Join Date
    Oct 2007
    Posts
    6

    Angry ServerXMLHTTP.6.0 || WinHttpRequest connecting to TLS 1.2 server

    Hi

    I have a server side application that connects to a third party server and is currently able to communicate with it via SSL 3.0. The third party server will be upgraded to only support TLS 1.1 and TLS 1.2. I have enabled TLS 1.1 and TLS 1.2 on my server for both client and server and am able to connect to my server via TLS 1.2 from a browser. I am also able to browse from my server with Internet Explorer to the test TLS 1.1 page however my server application is unable to connect to the third party test page.

    An example of my application that connects to the third party server below. Server Registry changes below code.

    I would be most grateful for any assistance.
    ===============================================================<%@ EnablesessionState=False
    Language=JScript %>
    <%
    var URL = "https://test.paygate.co.za/process.trans";
    //URL = "https://www.paygate.co.za/payxml/process.trans" /*Current SSL Server*/
    var Data = "";
    var ReqStatus;
    var ReqStatusTxT;
    var PageTxT;
    try {
    var XMLobj = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0");
    XMLobj.open ("GET", URL, false);
    XMLobj.send(Data);
    ReqStatus=XMLobj.status;
    ReqStatusTxT=XMLobj.statusText
    PageTxT=XMLobj.responseText;
    }
    catch(e){
    ReqStatus=-1;
    ReqStatusTxT=e.message;
    PageTxT="";
    }
    XMLobj = null;

    %><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="https://www.w3.org/1999/xhtml">
    <head>
    <title>Test SSL</title>
    </head>
    <body>
    Status code:<%=ReqStatus%>&nbsp;&nbsp;&nbsp;&nbsp;<%=ReqStatusTxT%><br /><br />
    Returned XML:
    <hr>
    <%=Server.HTMLEncode(PageTxT)%>
    <hr>
    <br /><br />
    </body>

    ===============================================================

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "DisabledByDefault"=dword:00000000
    "Enabled"=dword:00000001

  2. #2
    Join Date
    Oct 2007
    Posts
    6
    I have found I can get an ASP.NET C# page to work if I add the code below to the page. I am unsure if something similar could be done in Classic ASP or if there would be another way to tell the Classic ASP object to use the other security protocols.

    //Enable TLS1.1 and TLS1.2
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

  3. #3
    Join Date
    Oct 2007
    Posts
    6
    Hi

    I have found that if I switch to "WinHttp.WinHttpRequest.5.1" the is an option(9) flag that allows me to set the security protocols. I do not know the meaning of the various option flags or where to find the meanings but I worked out the value I used from winhttp.h found on the net.

    var XMLobj = Server.CreateObject("WinHttp.WinHttpRequest.5.1");
    XMLobj.option(9) = 2720; //SSL3 TLS1.0 TLS1.1 and TLS1.2

  4. #4
    Join Date
    Oct 2007
    Posts
    6
    Note! I found that the registry setting are unnecessary.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles