simonchalk2016
asked on
Msxml2.ServerXMLHTTP.6.0 not using TLS1.2 in Windows Server 2012
I am using Classic ASP and discovered that Windows 2008 R2 does not support TLS1.2 for either of these methods WinHTTP.WinHTTPRequest.5.1 or Msxml2.ServerXMLHTTP.6.0 (TLS1.2 will now be required by Paypal from June 2016)
Various threads state that the only solution is to upgrade to Windows Server 2012.
So I have now upgraded a test server from 2008R2 to 2012. I have now found that WinHTTP.WinHTTPRequest.5.1 now truly supports TLS1.2 but Msxml2.ServerXMLHTTP.6.0 DOES NOT.
When using MSXML2 I still get an error An error occurred in the secure channel support in msxml6.dll. When the conneciton to Paypal is viewed in Wireshark, you can see that TLSv1 and SSLv3 are still attempted, even though those protocols are disabled (using IIS Crypto)
So wondering why this is the case?
Various threads state that the only solution is to upgrade to Windows Server 2012.
So I have now upgraded a test server from 2008R2 to 2012. I have now found that WinHTTP.WinHTTPRequest.5.1
When using MSXML2 I still get an error An error occurred in the secure channel support in msxml6.dll. When the conneciton to Paypal is viewed in Wireshark, you can see that TLSv1 and SSLv3 are still attempted, even though those protocols are disabled (using IIS Crypto)
So wondering why this is the case?
ASKER
I am using Server.CreateObject("Msxml 2.ServerXM LHTTP.6.0" )
I have actually also tried Server.CreateObject("MSXML 2.XMLHTTP. 6.0") This equally gives an error, although different "Error= The system cannot locate the resource specified."
I have actually also tried Server.CreateObject("MSXML
Is there anything blocking communication with the paypal endpoint? The error you posted above indicates it could not communicate with the defined destination.
Dan
Dan
ASKER
Don't think so. I can connect from a browsers fine to paypal end point, in fact Paypal offer a test to see if tls1.2 is working, and this is fine from the browser.
Using Code both are connecting to the same URL
This works:
Set objHttp = Server.CreateObject("WinHT TP.WinHTTP Request.5. 1")
WinHttpRequestOption_SslEr rorIgnoreF lags=4
objHttp.Option(WinHttpRequ estOption_ SslErrorIg noreFlags) = &H3300
objHttp.Option(9) = &H0AA0
objHttp.setTimeouts 0, 120000, 120000, 120000
objHttp.open "POST", URL, False
THIS FAILS:
Set objhttp = Server.CreateObject("Msxml 2.ServerXM LHTTP.6.0" )
objHttp.open "POST", URL, False
THIS ALSO FAILS
Set objhttp = Server.CreateObject("Msxml 2.XMLHTTP. 6.0")
objHttp.open "POST", URL, False
Using Code both are connecting to the same URL
This works:
Set objHttp = Server.CreateObject("WinHT
WinHttpRequestOption_SslEr
objHttp.Option(WinHttpRequ
objHttp.Option(9) = &H0AA0
objHttp.setTimeouts 0, 120000, 120000, 120000
objHttp.open "POST", URL, False
THIS FAILS:
Set objhttp = Server.CreateObject("Msxml
objHttp.open "POST", URL, False
THIS ALSO FAILS
Set objhttp = Server.CreateObject("Msxml
objHttp.open "POST", URL, False
Do you have a proxy in place to manage Internet access?
Can you post the result of the following command?
netsh winhttp show proxy
Dan
Can you post the result of the following command?
netsh winhttp show proxy
Dan
ASKER
No there is no proxy.
netsh winhttp show proxy returns this response
"
Current WinHTTP proxy settings:
Direct access (no proxy server).
"
netsh winhttp show proxy returns this response
"
Current WinHTTP proxy settings:
Direct access (no proxy server).
"
Have you read this EE post?
Link: https://www.experts-exchange.com/questions/28134229/ServerXMLHTTP-6-0-and-HTTPS.html
Maybe nudge in the right direction?
Dan
Link: https://www.experts-exchange.com/questions/28134229/ServerXMLHTTP-6-0-and-HTTPS.html
Maybe nudge in the right direction?
Dan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes agreed about upgrading the OS, fortunately it is a test system. Would still like to get to the bottom of what is going on though, since was quite happy with 2008R2 until all this kicked off.
Are you doing:
Open in new window
- or -Open in new window
Dan