asked on
WinHTTPRequest and TLS v1.2
Is it possible to make the WinHTTPRequest object to use TLS v1.2 on a Windows 2008R2 server?
I tried to use this site: "https://howsmyssl.com/a/check" to check the connection security properties,
and it reports that the TLS is 1.0
but if I use the object Msxml2.XMLHTTP instead of WinHTTP.WinHTTPRequest,
then the server reports that "tls_version" is "TLS 1.2"
If that is impossible, then I'd like to know how actually bad to use "Msxml2.XMLHTTP" to make connections from a web server process?
I tried to use this site: "https://howsmyssl.com/a/check" to check the connection security properties,
and it reports that the TLS is 1.0
but if I use the object Msxml2.XMLHTTP instead of WinHTTP.WinHTTPRequest,
then the server reports that "tls_version" is "TLS 1.2"
set http_req = CreateObject("WinHTTP.WinHTTPRequest.5.1")
http_req.open "GET", "https://howsmyssl.com/a/check", false
http_req.send
MsgBox http_req.responseText
{"given_cipher_suites":["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,
"unknown_cipher_suite_supported":false,"beast_vuln":false
,"able_to_detect_n_minus_one_splitting":true,"insecure_cipher_suites":{},
"tls_version":"TLS 1.0","rating":"Bad"}
If that is impossible, then I'd like to know how actually bad to use "Msxml2.XMLHTTP" to make connections from a web server process?
Web DevelopmentWeb ComponentsSSL / HTTPSWindows Server 2008* WinHTTP
Last Comment
zc2