• Status: Solved
  • Priority: Medium
  • Security: Private
  • Views: 69
  • Last Modified:

Using ServerXMLHTTP60 (MSXML) with TLS only

Hi,

I am using a SOAP WebService client with MSXML::ServerXMLHTTP60 component to access the web service.
How can I enforce this COM to use only TLS (and to avoid SSL 2 \ 3) when accessing the web service?

Thanks
0
Yaniv Gutman
Asked:
Yaniv Gutman
1 Solution
 
jkrCommented:
Well, I assuming your question is connected to POODLE (http://en.wikipedia.org/wiki/POODLE): Since all Windows security components rely on the underlying infrastructure, the SSL2/3 issue should either be fixed with the newest Windows update or taken care of by adjusting the settings. I.e. setting

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

        "Enabled"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

        "DisabledByDefault"=dword:00000001

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

        "Enabled"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

        "DisabledByDefault"=dword:00000001

Open in new window


Apart from that, this component does not seem to support any other way of option (http://msdn.microsoft.com/en-us/library/ms763811%28v=vs.85%29.aspx) to control the encryption features that can be used
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Tackle projects and never again get stuck behind a technical roadblock.
Join Now