cancel
Showing results for 
Search instead for 
Did you mean: 

TLS 1.2 Issue - in Classic ASP environment

I manage a few sites that still use Classic ASP.

The method of connection is via a MSXML2 component pointing to https://secure.authorize.net/gateway/transact.dll

Is there a simple change i can make in this code somewhere (see below), to test via the sandbox, and see if the server is TLS 1.2 compliant?

 

Thanks!

 

[code]

set objHttp = server.Createobject("MSXML2.ServerXMLHTTP")
if err.number <> 0 then
    Response.write(err.Description)
    response.End()
end if
'on error goto 0

objHttp.open "POST", strPost, false
objHttp.Send strRequest

'Get response
objHttpStatus = objHttp.status
strResponse   = objHttp.responseText
set objHttp      = nothing

[/code]

snooper
Member
71 REPLIES 71

By any chance do you know anything about making these same changes in a vbscript program?  Our authorize.net connections are working from our asp classic pages but I have 2 vbs programs I set up to run automatic billing processes.  I used vbscript becuase I can call it from the task scheduler.  This is another thing that broke when authorize.net stopped supporting TLS 1.0 and 1.1 and it had been running for 10 years.  The asp classic and vbs programs are identical except for the word "Server." before "CreateObject" in the "set xml" line in asp.

 

 Set xml = Createobject("MSXML2.ServerXMLHTTP") ' original line
 Set xml = CreateObject("MSXML2.ServerXMLHTTP.6.0")
 Set xml = CreateObject("MSXML2.XMLHTTP.6.0")
'Set xml = CreateObject("WinHTTP.WinHTTPRequest.5.1")

 

'None of the lines above work - I get channel security error or other similar errors.
  xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false
  xml.send vPostData
  strStatus = xml.Status
  strRetval = xml.responseText
  Set xml = nothing

 

Is there something else I should do to get VBScript to work again?

Thanks,

Alexis

Is this script run on the same server?  If not, what is the environment?

 

Can you post the whole script or the line number and part of the script that is failing?

Thank you again.  I have spent the last 2 days trying to test this issue, scour the internet and figure it out.  Since I know the server works and asp classic code works, the problem has to be in my code and it looks to be the same line that was the final fix in the asp code.

 

I need the vbs program to run from the task scheduler.  This same logic has run for over 10 years with no problem until 2/28.  Since the asp code worked the other day, I assume I could just turn the tasks back on and it would work after I applied the same changes but it did not.

 

I created 2 almost identical basic programs that connect to authorize.net; one in asp classic and one in vbs.  The asp program works but the vbs program does not.  

 

Here are copies of both programs.  I changed sensitive data to "xxx" in both programs after I tested but these values were valid and identical when I tested each program a few minutes ago.

 

Yes, the programs reside on the same server and in the same folder (wwwroot), where they have always resided and worked in the past.

 

asp classic:

<%

'test_tls_040318.asp 

 

Dim xml, strStatus, strRetval

On Error Goto 0

 

Dim x_version, x_delim_data, x_relay_response

Dim x_amount, x_card_num, x_exp_date, x_type

Dim x_first_name, x_last_name, x_company, x_address

Dim x_city, x_state, x_zip, x_phone, x_fax, x_card_code, x_email, x_email_customer

dim ccnum

 

x_version = "3.1" 

x_delim_data = "TRUE"

x_delim_char = "|"

x_relay_response = "False"

Const x_login = "xxx"

Const x_tran_key = "xxx"

x_exp_date = ""  ' MMYYYY

x_type = "AUTH_CAPTURE"

x_email_customer = "FALSE"

x_description = " Monthly Charge Test"

x_amount = 29.95

x_email = "alexis@xx" 'email_address

dim cardnum, fax, tfreenum

cardnum = "xxx"

x_card_num = sr_decode(unescape(cardnum))

x_first_name = "Alexis" 'unescape(fname)

x_last_name = "test" 'unescape(lname)

x_company = "ABC" 'unescape(company_name)

x_address = "1 Main Street" 'unescape(address1and2)

x_city = "BestTown" 'unescape(city)

x_state = "NJ" 'unescape(state)

x_zip = "08003" ''zip

x_phone = "8562222222" 'client_phone

x_fax ="8562222222" ' fax

x_card_code = ""  'not using cvc

tfreenum = "xxx"

x_invoice_num = tfreenum

x_cust_id = 3488 'client_id

x_country = "US"

x_ship_to_country = "US"  

 

credit_card_cvc_num      = ""

credit_card_expire_month = 07 '''''ccmonexp

credit_card_expire_year  = 2022 ''ccyearexp

if Len(credit_card_expire_month) = 1 then

  credit_card_expire_month = "0" & credit_card_expire_month

end if

x_exp_date = credit_card_expire_month & credit_card_expire_year

 

dim vPostData

vPostData = "x_login=" & x_login & "&x_tran_key=" & x_tran_key & "&x_version=" & x_version &_

"&x_delim_data=" & x_delim_data & "&x_delim_char=" & x_delim_char & "&x_relay_response=" & x_relay_response &_

"&x_type=" & x_type & "&x_card_num=" & x_card_num & "&x_exp_date=" & x_exp_date & "&x_card_code=" & x_card_code &_

"&x_amount=" & x_amount & "&x_first_name=" & x_first_name & "&x_last_name=" & x_last_name &_

"&x_company=" & x_company &"&x_address=" & x_address & "&x_city=" & x_city & "&x_state=" &_

x_state &"&x_zip=" & x_zip & "&x_email_customer=" & x_email_customer & "&x_email=" & x_email &_

"&x_phone=" & x_phone & "&x_fax=" & x_fax & "&x_description=" & x_description &_

"&x_recurring_billing=" & "NO" &_

"&x_ship_to_first_name=" & x_first_name & "&x_ship_to_last_name=" & x_last_name &_

"&x_ship_to_company=" & x_company & "&x_ship_to_address=" & x_address &_

"&x_ship_to_city=" & x_city & "&x_ship_to_state=" & x_state & "&x_ship_to_zip=" & x_zip &_

"&x_invoice_num=" & x_invoice_num & "&x_cust_id=" & x_cust_id

  Set xml = Server.CreateObject("MSXML2.XMLHTTP.6.0")  '3/29/18

  xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false

  xml.send vPostData

  strStatus = xml.Status

  strRetval = xml.responseText

 

'Response.Write "vPostData_asp=" & vbcrlf & vbcrlf

'Response.write vPostData & vbcrlf & vbcrlf

Response.write "strstatus: "  & strStatus & vbcrlf & vbcrlf

Response.Write "strRetval: " & strRetval ''xml.responseText

Response.End

 

'///////////////////////////////

function sr_decode(str)

    offset = 8

    oldStr = ""

    for i = 1 to len(str)

        oldStr = oldStr & chr((asc(mid(str,i,1))-offset))

    next

    sr_decode = oldStr

end function

%>

 

vbs:

'4/2/18 cc_monthly_charge_test2.vbs

Dim xml, strStatus, strRetval

On Error Goto 0

 

Dim x_version, x_delim_data, x_relay_response

Dim x_amount, x_card_num, x_exp_date, x_type

Dim x_first_name, x_last_name, x_company, x_address

Dim x_city, x_state, x_zip, x_phone, x_fax, x_card_code, x_email, x_email_customer

dim ccnum

 

x_version = "3.1" 

x_delim_data = "TRUE"

x_delim_char = "|"

x_relay_response = "False"

Const x_login = "xxx"

Const x_tran_key = "xxx"

x_exp_date = ""  ' MMYYYY

x_type = "AUTH_CAPTURE"

x_email_customer = "FALSE"

x_description = "Monthly Charge Test"

x_amount = 29.95

x_email = "alexis@xxxx"

dim cardnum, fax, tfreenum

cardnum = "xxx"

x_card_num = sr_decode(unescape(cardnum))

x_first_name = "Alexis" 'unescape(fname)

x_last_name = "test" 'unescape(lname)

x_company = "ABC" 'unescape(company_name)

x_address = "1 Main Street" 'unescape(address1and2)

x_city = "BestTown" 'unescape(city)

x_state = "NJ" 'unescape(state)

x_zip = "08003" ''zip

x_phone = "8562222222" 'client_phone

x_fax ="8562222222" ' fax

x_card_code = ""  'not using cvc

tfreenum = "8779999999"

x_invoice_num = tfreenum

x_cust_id = 3488 'client_id

x_country = "US"

x_ship_to_country = "US"  

 

credit_card_cvc_num      = ""

credit_card_expire_month = 07 '''''ccmonexp

credit_card_expire_year  = 2022 ''ccyearexp

if Len(credit_card_expire_month) = 1 then

  credit_card_expire_month = "0" & credit_card_expire_month

end if

x_exp_date = credit_card_expire_month & credit_card_expire_year

 

 

dim vPostData

vPostData = "x_login=" & x_login & "&x_tran_key=" & x_tran_key & "&x_version=" & x_version &_

"&x_delim_data=" & x_delim_data & "&x_delim_char=" & x_delim_char & "&x_relay_response=" & x_relay_response &_

"&x_type=" & x_type & "&x_card_num=" & x_card_num & "&x_exp_date=" & x_exp_date & "&x_card_code=" & x_card_code &_

"&x_amount=" & x_amount & "&x_first_name=" & x_first_name & "&x_last_name=" & x_last_name &_

"&x_company=" & x_company &"&x_address=" & x_address & "&x_city=" & x_city & "&x_state=" &_

x_state &"&x_zip=" & x_zip & "&x_email_customer=" & x_email_customer & "&x_email=" & x_email &_

"&x_phone=" & x_phone & "&x_fax=" & x_fax & "&x_description=" & x_description &_

"&x_recurring_billing=" & "NO" &_

"&x_ship_to_first_name=" & x_first_name & "&x_ship_to_last_name=" & x_last_name &_

"&x_ship_to_company=" & x_company & "&x_ship_to_address=" & x_address &_

"&x_ship_to_city=" & x_city & "&x_ship_to_state=" & x_state & "&x_ship_to_zip=" & x_zip &_

"&x_invoice_num=" & x_invoice_num & "&x_cust_id=" & x_cust_id

 

Set xml = CreateObject("MSXML2.ServerXMLHTTP.6.0")

 'Set xml = CreateObject("MSXML2.XMLHTTP.6.0")

 'Set xml = Createobject("MSXML2.ServerXMLHTTP")

 'Set xml = CreateObject("WinHTTP.WinHTTPRequest.5.1")

 

  xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false

  xml.send vPostData

  'strStatus = xml.Status

  'strRetval = xml.responseText

 ' Set xml = nothing

 

'msgbox "strstatus: "  & strStatus

'msgbox "strRetval: " & strRetval

'///////////////////////////////

function sr_decode(str)

    offset = 8

    oldStr = ""

    for i = 1 to len(str)

        oldStr = oldStr & chr((asc(mid(str,i,1))-offset))

    next

    sr_decode = oldStr

end function

 

The VBS program bombs on line 71 each time:  xml.send vPostData

 

This happens no matter which set line I use.  This vbs program does not work with the same "server." line that the asp line has.  I never used "server." when the program worked previously.

 

If I use: Set xml = CreateObject("MSXML2.ServerXMLHTTP.6.0")

Set xml = Createobject("MSXML2.ServerXMLHTTP")

or

Set xml = CreateObject("WinHTTP.WinHTTPRequest.5.1"),

I get the error "An error occurred in the secure channel support".

 

If I use:

Set xml = CreateObject("MSXML2.XMLHTTP.6.0"),

I get the error: "The system cannot locate the resource specified."

 

In asp, this set line works perfectly:

  Set xml = Server.CreateObject("MSXML2.XMLHTTP.6.0") 

 

If I try the exact same set line in the vbs program that works in the asp program, I get an error "Object Required: Server".  That's when I realized I forgot to remove the "server:" part of the set line for vbs when I applied the same changes in vbs that I did in asp classic.

 

Thanks again for your help.

Regards,

Alexis

 

 

 

What version is your winhttp.dll in the windows\system32 folder?

 

Try the same exact set object line that you are using in the asp script that has "Server." in front of CreateObject like this:

 

Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")

or

Set xml = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")

 

Does your server have ASP.NET 4.5?  You can find this in the registry:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\

windows\system32 version is:

6.2.9200.16451

 

I tried the putting "Server." in front of all 4 objects but each one gave me the error:

Object Required: 'Server’

 

 Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")

 Set xml = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")

 Set xml = Server.CreateObject("MSXML2.XMLHTTP.6.0") 

'Set xml = Server.Createobject("MSXML2.ServerXMLHTTP")

 

And, in my previous script that worked, I did not use "Server."  

 

And, yes, we have ASP.NET 4.5.  I checked the registry and we have 4.5 and below that we have 4.5.1.

 

Thanks!

Alexis

Try using this set object: Set xml = CreateObject("WinHTTP.WinHTTPRequest.5.1")

 

and then add

 

xml.Option(9) = 2048 'TLS 1.2

 

just before

 

xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false

 

Should look something like this:

 

'Set xml = CreateObject("MSXML2.ServerXMLHTTP.6.0")

'Set xml = CreateObject("MSXML2.XMLHTTP.6.0")

'Set xml = Createobject("MSXML2.ServerXMLHTTP")

Set xml = CreateObject("WinHTTP.WinHTTPRequest.5.1")

 

xml.Option(9) = 2048 'TLS 1.2  

xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false

xml.send vPostData

'strStatus = xml.Status

'strRetval = xml.responseText

' Set xml = nothing

 

 

If that still throws an error then your winhttp.dll may not support TLS 1.2.  From what I have found version 6.3.9600.xxxx supports TLS 1.2.  I can't find anywhere that you can install a patch for the dll but you can get a copy from a Server 2012r2 installation and copy it into the Windows\System32 folder. Just rename the current one so you have it to restore rather than deleting it.

Thank you again! It works!  The changes you indicated did the trick.

 

Set xml = CreateObject("WinHTTP.WinHTTPRequest.5.1")

xml.Option(9) = 2048 'TLS 1.2  

 

I applied the changes first to a watered-down test program and it worked.  Then I applied the change to a test program that is the live code but only looked at a test account and that worked.

 

So I applied the change to my live program.  The process was kicked off by the task scheduler at 1am and all our clients were successfully billed by the process for the first time in almost 5 weeks.

 

My client and I send you a big thank you.  He so appreciates that you took your time and expertise to help us.  I do too.

 

I sincerely hope this post will help others as our old website, server and programs certainly had almost every issue possible to fight getting TLS 1.2 to work for our billing processes on authorize.net.

 

Thank you again and best wishes.

Alexis

 

 

 

 

Glad to hear it is working now.

 

It looks like vbscript doesn't follow the registry defaults like asp scripts do.  Using the Option(9) setting allows you to specify the TLS version.

 

It may also be true that the winhttp.dll version dictates the TLS version but in either case this fix seems to work.

 

 

I had a feeling that was the problem.  I knew the server was fixed so I knew the problem was in my code and I knew the vbscript was not going through the website so there had to be another line to "tell it" to do this or that when connecting.  I had searched for a few days on my own trying to find that "line" before I posted again and bothered you.

 

I am so grateful to you.  I have been doing my day job and trying to work this issue out at night and early in the morning for 5 weeks.  I felt so bad that I messed up my client by not paying attention to the authorize.net warning emails about tls 1.2 sent way in advance.  I learned a good lesson. 


Thank you again!

Alexis

I am uning the

Windows Server 2008 R2.

IIS6.0

Classic ASP

Vbscript

 

Below are the code part that is using :
post_url = "https://secure.authorize.net/gateway/transact.dll"

Set objRequest = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")

 

objRequest.open "POST", post_url, false
objRequest.send post_string

 

 

I am getting the error when executing the "objRequest.send post_string". error is :

 

msxml6.dll error '80072f7d'

An error occurred in the secure channel support

 

 

 

Also followed below suggestion but still getting the same issue:

 

Your webserver probably needs TLS 1.0 to communicate with the database server.  Have the host re-enable 1.0 and 1.1.  Then have the host set the "DefaultSecureProtocols" registry keys to 0x00000800.  This key will need to be added to each of these:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
 

On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
 
 
 
 
Please help me to get out this issue. Thank you!