asked on

How do I force VB.Net (2010) to use TLS as required by PayPal changes?

We need to update our app (running on WinXP) to successfully post transactions to PayFlowPro which is disabling SSL 3.0 on 12/3. We are using MSXML2.XMLHTTP in vb.net to post the transactions like this:

Dim xmlHTTP As MSXML2.XMLHTTP = New MSXML2.XMLHTTP
xmlHTTP.open("POST", strURL, False)
xmlHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
System.Windows.Forms.Application.DoEvents()
xmlHTTP.send(snd)
resp = xmlHTTP.responseText

I tried putting the following above the dim statement:
'System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
but it didn't change anything. Anyone have any idea how to accomplish this?

Gary

There is no reason your pc would be using SSL unless you specifically tell it to or you don't have TLS installed (which is highly unlikely)

Gary

...assuming you have SP3 installed

Dalexan

ASKER

We do have SP3 installed. Their server site, https://payflowpro.paypal.com, works fine, but their test site that has been set up to not allow SSL3.0, https://developer.paypal.com/docs/classic/lifecycle/ug_sandbox, fails. I/m not sure what else it would be.

Gary

You have this
'System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls

but it's commented out, is that a typo?

Dalexan

ASKER

No, I tried that but it didn't help so I commented it back out...I did forget to mention, the execution gets through the open call, but fails on the POST call with "Error 53 - System error -2146697208"...no other system or application log entries.

kaufmed

Not that there's much difference in the end result, but why are you using MSXML2.XMLHTTP and not something like WebClient or HttpWebRequest, which are already a part of the Framework? Why the COM?

I agree with Gary that the commented-out line should be what you need. I was just playing around with this the other day, and changing that line altered which SSL suite was in play.

Dalexan

ASKER

This is code we have had in place for quite some time, so, as long as it works we've avoided making any changes. Would the position of the SecurityProtocol assignment make a difference? I had it in the code above the Dim xmlHTTP statement...

Gary

Try it with

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

What version of .net are you using?

Dalexan

ASKER

The autocomplete only shows Ssl3 and Tls...no Tls12 option. .NET Framework 4 is the target framework in the app Compile tab.

kaufmed

Now that I think about it, that setting may not have any impact on MSXML2.XMLHTTP. That's a small block of code; can we try replacing it with the following?

Using client As New System.Net.WebClient()
    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
    client.Headers("Content-Type") = "application/x-www-form-urlencoded"
    System.Windows.Forms.Application.DoEvents()
    resp = client.UploadString(snd)
End Using

Open in new window

Dalexan

ASKER

Well, that got me a little further, I think...I got "5 - The remote server returned an error: (500) Internal Server Error"

Dalexan

ASKER

btw, I had to add strurl as the first parameter to the UploadString...

ASKER CERTIFIED SOLUTION

kaufmed

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Dalexan

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

kaufmed

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Dalexan

ASKER

After speaking with Paypal support there was an issue with our account setup and this feature was not activated or partially activated on our account which was throwing error conditions.