Lost connection to authorize.net since TLS 1.0/1.1 disablement

alexisbr used Ask the Experts™
Hi.  I created a website using basic client payment logic from authorize.net over 10 years ago (2007?).  

It has been working fine all this time..thankfully....until Authorize.Net disabled TLS 1.0/1.1 on 2/28/18.  Now authorize.net is not receiving any payments from the website.  I called authorize.net and confirmed they have seen nothing from this website since TLS 1.0/1.1 was disabled.  They cannot offer any specific help and I am trying to figure out the issue but am not sure where to start.  

My client received a notice way in advance about this and sent it to me but I dropped the ball and didn't check into it in advance (I know that was a huge mistake).  We are working around the issue for now by billing clients via re-billing directly on authorize.net.  Fortunately, it is a small business and we can do the work-around for now.

I haven't done this type of work since I created this website long ago, and we did it the simple way using Authorize.net SIM, I think.  It is so basic!  I just pass 2 codes and all the pertinent data and it always worked.  

We have a SQL Server backend SQL Server 2012 Express/Windows Server 2012, and the frontend is old ASP classic.  My client has a vendor maintain the server and it is in the cloud.  The server is kept up-to-date and has the latest security patches.  I don't do anything server related and, over the last 5 to 8 years, I have made very few changes to my software and no changes to the code we send to authorize.net.  Most of the changes I have done over the years is cosmetic to the web design and not in SQL Server/ASP.

Over the last few days, I have been reading about TLS and the info on Authorize.net's website and everything I read appears to be server related.

Can anyone tell me if this is, in fact, a server issue or something I need to handle in my code?

Here's some info from Authorize.net's website:
 What actions do I need to take?
This will depend on how you are currently processing with Authorize.Net:

Processing using an API/SDK - If you are currently taking payments/transactions through a website, shopping cart or other software, you will need to check with your developer or host/solution provider to confirm the API connection favors TLS 1.2 and its supported ciphers.

For information on Authorize.Net API and TLS Best Practices see the following links

Here's another link to info on authorize.net:

Here's an example of my sql code that contacts authorize.net.  I changed the values in the connection strings and user codes to "xxxx".
function process_card()
Dim x_version, x_delim_data, x_relay_response
Dim x_amount, x_card_num, x_exp_date, x_type
Dim x_first_name, x_last_name, x_company, x_address
Dim x_city, x_state, x_zip, x_phone, x_fax, x_card_code, x_email, x_email_customer

x_version = "3.1"  
x_delim_data = "TRUE"
x_delim_char = "|"
x_relay_response = "False"	
Const x_login = "xxxx"
Const x_tran_key = "xxxx"
x_exp_date = ""  ' MMYYYY
x_type = "AUTH_CAPTURE"
x_email_customer = "FALSE"
x_description = "XX Monthly Charge"
x_amount = total_charge  

if x_amount = 0 then
  return_code = "Amount is zero in process_card"
  process_card = false
  exit function
end if
x_email = email_address
x_card_num = sr_decode(unescape(ccnum))
x_first_name = unescape(fname)
x_last_name = unescape(lname)
x_company = unescape(company_name)
x_address = unescape(address1and2)
x_city = unescape(city)
x_state = unescape(state)
x_zip = zip
x_phone = client_phone
x_fax = fax
x_card_code = ""  'not using cvc 
x_invoice_num = mytollfreenumber & "_" & today_string_for_invoice
x_cust_id = client_id
x_country = "US"
x_ship_to_country = "US"   '' not using these now

credit_card_cvc_num      = ""
credit_card_expire_month = ccmonexp
credit_card_expire_year  = ccyearexp
if Len(credit_card_expire_month) = 1 then
  credit_card_expire_month = "0" & credit_card_expire_month
end if
x_exp_date = credit_card_expire_month & credit_card_expire_year

dim vPostData
vPostData = "x_login=" & x_login & "&x_tran_key=" & x_tran_key & "&x_version=" & x_version &_
"&x_delim_data=" & x_delim_data & "&x_delim_char=" & x_delim_char & "&x_relay_response=" & x_relay_response &_
"&x_type=" & x_type & "&x_card_num=" & x_card_num & "&x_exp_date=" & x_exp_date & "&x_card_code=" & x_card_code &_
"&x_amount=" & x_amount & "&x_first_name=" & x_first_name & "&x_last_name=" & x_last_name &_
"&x_company=" & x_company &"&x_address=" & x_address & "&x_city=" & x_city & "&x_state=" &_
x_state &"&x_zip=" & x_zip & "&x_email_customer=" & x_email_customer & "&x_email=" & x_email &_
"&x_phone=" & x_phone & "&x_fax=" & x_fax & "&x_description=" & x_description &_
"&x_recurring_billing=" & "NO" &_
"&x_ship_to_first_name=" & x_first_name & "&x_ship_to_last_name=" & x_last_name &_
"&x_ship_to_company=" & x_company & "&x_ship_to_address=" & x_address &_
"&x_ship_to_city=" & x_city & "&x_ship_to_state=" & x_state & "&x_ship_to_zip=" & x_zip &_
"&x_invoice_num=" & x_invoice_num & "&x_cust_id=" & x_cust_id 

  Dim xml
  Dim strStatus
  Dim strRetval
  Set xml = Createobject("MSXML2.ServerXMLHTTP")
  xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false
  xml.send vPostData
  strStatus = xml.Status
  strRetval = xml.responseText
  Set xml = nothing

  Dim strArrayVal
  strArrayVal = split(strRetVal, "|", -1)
  arrData = strArrayVal

if arrData(0) = 1 then
  return_code = arrData(3)
  process_card = true
  fxn_cc_tran_id = arrData(6)
  return_code = arrData(3)
  process_card = false
end if

Open in new window

If anyone knows anything about this and can give me a starting place, I would really appreciate it.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Fixer of Problems
Most Valuable Expert 2014
This question https://www.experts-exchange.com/questions/29076359/Msxml2-ServerXMLHTTP-6-0-not-working-for-TLS-1-2.html may help you.  The problem is usually that the version of MSXML2.ServerXMLHTTP does not support TLS 1.2.  Also more info here https://community.developer.authorize.net/t5/Integration-and-Testing/TLS-1-2-Issue-in-Classic-ASP-environment/td-p/58012 along with a simple test script.


Thank you very much.  I searched Authorize.net and EE and did not find these posts that you have given me.

Now I have a good starting point.

I will post later with an update.



Dave, Thanks so much for these helpful links.  We eventually resolved most of the issues with help from the authorize.net developers forum.  In addition to changing our connection string to SQL Server and the xml object to connect to authorize.net, our server people had to change registry settings to default the server to TLS 1.2, as well as install updates to SQL Server to use native client 11 and an updated sql server driver.  The test scripts posted in the authorize.net developers forum were excellent.  It was a tedious process but we are again connecting to authorize.net.

Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Cool, glad I could help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial