Solved

How do I force VB.Net (2010) to use TLS as required by PayPal changes?

Posted on 2014-11-21
16
401 Views
Last Modified: 2016-03-24
We need to update our app (running on WinXP) to successfully post transactions to PayFlowPro which is disabling SSL 3.0 on 12/3.  We are using MSXML2.XMLHTTP in vb.net to post the transactions like this:
       
        Dim xmlHTTP As MSXML2.XMLHTTP = New MSXML2.XMLHTTP
        xmlHTTP.open("POST", strURL, False)
        xmlHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
        System.Windows.Forms.Application.DoEvents()
        xmlHTTP.send(snd)
        resp = xmlHTTP.responseText

I tried putting the following above the dim statement:
       'System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
but it didn't change anything.  Anyone have any idea how to accomplish this?
0
Comment
Question by:Dalexan
  • 8
  • 4
  • 4
16 Comments
 
LVL 58

Expert Comment

by:Gary
Comment Utility
There is no reason your pc would be using SSL unless you specifically tell it to or you don't have TLS installed (which is highly unlikely)
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
...assuming you have SP3 installed
0
 

Author Comment

by:Dalexan
Comment Utility
We do have SP3 installed.  Their server site, https://payflowpro.paypal.com, works fine, but their test site that has been set up to not allow SSL3.0, https://developer.paypal.com/docs/classic/lifecycle/ug_sandbox, fails.  I/m not sure what else it would be.
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
You have this
'System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls

but it's commented out, is that a typo?
0
 

Author Comment

by:Dalexan
Comment Utility
No, I tried that but it didn't help so I commented it back out...I did forget to mention, the execution gets through the open call, but fails on the POST call with "Error 53 - System error -2146697208"...no other system or application log entries.
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
Comment Utility
Not that there's much difference in the end result, but why are you using MSXML2.XMLHTTP and not something like WebClient or HttpWebRequest, which are already a part of the Framework? Why the COM?

I agree with Gary that the commented-out line should be what you need. I was just playing around with this the other day, and changing that line altered which SSL suite was in play.
0
 

Author Comment

by:Dalexan
Comment Utility
This is code we have had in place for quite some time, so, as long as it works we've avoided making any changes.  Would the position of the SecurityProtocol assignment make a difference?  I had it in the code above the Dim xmlHTTP statement...
0
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Try it with

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

What version of .net are you using?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:Dalexan
Comment Utility
The autocomplete only shows Ssl3 and Tls...no Tls12 option. .NET Framework 4 is the target framework in the app Compile tab.
0
 
LVL 74

Expert Comment

by:käµfm³d 👽
Comment Utility
Now that I think about it, that setting may not have any impact on MSXML2.XMLHTTP. That's a small block of code; can we try replacing it with the following?

Using client As New System.Net.WebClient()
    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
    client.Headers("Content-Type") = "application/x-www-form-urlencoded"
    System.Windows.Forms.Application.DoEvents()
    resp = client.UploadString(snd)
End Using

Open in new window

0
 

Author Comment

by:Dalexan
Comment Utility
Well, that got me a little further, I think...I got "5 - The remote server returned an error: (500) Internal Server Error"
0
 

Author Comment

by:Dalexan
Comment Utility
btw, I had to add strurl as the first parameter to the UploadString...
0
 
LVL 74

Accepted Solution

by:
käµfm³d   👽 earned 500 total points
Comment Utility
Is the value in strURL your server or PayPal?
0
 

Assisted Solution

by:Dalexan
Dalexan earned 0 total points
Comment Utility
0
 
LVL 74

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 500 total points
Comment Utility
As far as I can tell, the above is what you need. The only other thing I can suggest would be to use a tool like Fiddler and examine the request that's going out to ensure it is formatted correctly. 500s usually indicate a problem on the server, not the client. You may have to contact PayPal to find out why they are returning 500s in certain scenarios.
0
 

Author Closing Comment

by:Dalexan
Comment Utility
After speaking with Paypal support there was an issue with our account setup and this feature was not activated or partially activated on our account which was throwing error conditions.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
For most people, the WrapPanel seems like a magic when they switch from WinForms to WPF. Most of us will think that the code that is used to write a control like that would be difficult. However, most of the work is done by the WPF engine, and the W…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now