SolvedPrivate

Using ServerXMLHTTP60 (MSXML) with TLS only

Posted on 2014-11-03
1
28 Views
Last Modified: 2016-02-26
Hi,

I am using a SOAP WebService client with MSXML::ServerXMLHTTP60 component to access the web service.
How can I enforce this COM to use only TLS (and to avoid SSL 2 \ 3) when accessing the web service?

Thanks
0
Comment
Question by:Yaniv Gutman
1 Comment
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 40419818
Well, I assuming your question is connected to POODLE (http://en.wikipedia.org/wiki/POODLE): Since all Windows security components rely on the underlying infrastructure, the SSL2/3 issue should either be fixed with the newest Windows update or taken care of by adjusting the settings. I.e. setting

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

        "Enabled"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

        "DisabledByDefault"=dword:00000001

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

        "Enabled"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

        "DisabledByDefault"=dword:00000001

Open in new window


Apart from that, this component does not seem to support any other way of option (http://msdn.microsoft.com/en-us/library/ms763811%28v=vs.85%29.aspx) to control the encryption features that can be used
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now