TLS 1.2 Issue - in Classic ASP environment
I manage a few sites that still use Classic ASP.
The method of connection is via a MSXML2 component pointing to https://secure.authorize.net/gateway/transact.dll
Is there a simple change I can make in this code somewhere (see below), to test via the sandbox, and see if the server is TLS 1.2 compliant?
Thanks!
[code]
Set objHttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
If Err.Number <> 0 Then
    Response.Write(Err.Description)
    Response.End()
End If
'on error goto 0
objHttp.open "POST", strPost, False
objHttp.Send strRequest
'Get response
objHttpStatus = objHttp.status
strResponse = objHttp.responseText
Set objHttp = Nothing
[/code]
05-09-2017 12:37 AM
All you need is to install this driver:
https://www.microsoft.com/en-us/download/details.aspx?id=36434
03-25-2018 06:49 AM
Thank you. I will let the server people know.
Regards,
Alexis
03-26-2018 03:31 AM
What total frustration!! The server people worked with Microsoft so now SSL 3.0 and 2.0 are disabled. The SSL check at https://www.ssllabs.com/ssltest/ shows every configuration setting is “No” except for TLS 1.2, which is "Yes".
The website is still working with ssl3.0 and ssl2.0 turned off, which was our most recent problem. The server people said SQL service pack3 was required and Native client 11.
I thought we would be good now but the test program doesn't work nor does authorize.net. (I tried a client purchase but no transaction was sent to authorize.net)
Here's my test program:
[code]
<%
'test_tls_032618.asp
Set objHttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
objHttp.open "GET", "https://howsmyssl.com/a/check", False
objHttp.Send
Response.Write objHttp.responseText & "<br>"
Set objHttp = Nothing
%>
[/code]
Here's the error message:
msxml6.dll error '80072f7d'
An error occurred in the secure channel support
/test_tls_032618.asp, line 5
Any ideas? It seems like the sql server or the server still has a problem.
Thanks,
Alexis
03-26-2018 07:01 PM - edited 03-26-2018 07:12 PM
Try setting the object in your script with one of these lines rather than the one you are using now.
Set objhttp = Server.CreateObject("MSXML2.XMLHTTP.6.0")
or this one
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
If neither of them works, let us know what version of server you are on, 2008 or 2012, and what the database server is.
03-26-2018 07:51 PM - edited 03-26-2018 07:52 PM
I tried the 2 additional object settings. Neither worked. I'm showing below the setting I used and what error I got.
Set objHttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
msxml6.dll error '80072f7d'
An error occurred in the secure channel support
/test_tls_032618.asp, line 5
Set objhttp = Server.CreateObject("MSXML2.XMLHTTP.6.0")
msxml6.dll error '80070005'
Access is denied.
/test_tls_032618.asp, line 5
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
WinHttp.WinHttpRequest error '80072f7d'
An error occurred in the secure channel support
/test_tls_032618.asp, line 5
Here's information on our software:
We have SQL Server 2012 Express installed.
Here's what I see through SQL Mgmt Studio properties:
Product Name: Microsoft SQL Server Express Edition (64-bit)
Product Version: 11.0.6020 SP3
The server has Windows 2012 Server installed.
Here's what I see when I check under the Control Panel/Systems:
Windows Server 2012 Standard
Platform: NT x64
Operating System: 6.2 (9200)
I also sent information to our server people and copied MS (who is helping them) to let them know that their changes did not fix the authorize.net connection issue.
Thanks,
Alexis
03-27-2018 04:18 AM
Try re-enabling TLS 1.0 and if that makes the script work then you still do not have the SQL Native 11 Driver installed.
If the script works after enabling TLS 1.0 then your problem is between your webserver and your SQL server and you should still be able to complete Authorize.net transactions.
03-27-2018 07:01 AM
The server people installed the driver at the link you indicated but that did not resolve the issue.
I also tried re-enabling TLS 1.0 but the script still wouldn't work. Please note that I am rebooting the server each time after changing settings in IIS Crypto.
After enabling TLS 1.0, when I run the script, I get the old message again about cipher suites:
{"given_cipher_suites":["TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_RC4_128_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_DHE_DSS_WITH_AES_128_CBC_SHA","TLS_DHE_DSS_WITH_AES_256_CBC_SHA","TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_RC4_128_MD5"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":true,"insecure_cipher_suites":{"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA":["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],"TLS_RSA_WITH_3DES_EDE_CBC_SHA":["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],"TLS_RSA_WITH_RC4_128_MD5":["uses RC4 which has insecure biases in its output"],"TLS_RSA_WITH_RC4_128_SHA":["uses RC4 which has insecure biases in its output"]},"tls_version":"TLS 1.0","rating":"Bad"}
I wish I had better news.
Thanks,
Alexis
03-27-2018 06:16 PM
This indicates that your webserver is not defaulting to TLS 1.2.
Please verify that both of these registry keys are set to: 0x00000800
On x64-based computers, DefaultSecureProtocols must also be added to the Wow6432Node path:
03-27-2018 06:31 PM
I verified the settings using regedit.
I was unable to insert the screenshots I took but they both look like this:
Value: 0x00000800 (2048)
03-27-2018 07:39 PM
Does the rest of the site work now? i.e. can you do everything except post a payment to Authorize.net?
If so, then you just need to figure out why the server is not obeying the DefaultSecureProtocols registry keys. I would check those keys again. Make sure that the path and spelling are correct and that the key is spelled exactly as above with the proper case.
03-27-2018 08:22 PM
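Added example, not part of any post in this thread: a Classic ASP test page that separates "the server cannot negotiate TLS 1.2 at all" from "WinHTTP is not defaulting to TLS 1.2" by requesting each protocol version explicitly and reporting what the howsmyssl.com endpoint saw. It assumes the `WinHttp.WinHttpRequest.5.1` object, whose option 9 (`WinHttpRequestOption_SecureProtocols`) takes the same bit flags as the 0x00000800 value discussed above; the probe layout and names are illustrative.

```vbscript
<%
Option Explicit
' Added example, not code from the thread.
' Option 9 = WinHttpRequestOption_SecureProtocols; flag values are the
' WinHTTP secure-protocol bits (TLS 1.0 = 0x80, TLS 1.1 = 0x200, TLS 1.2 = 0x800).
Const OPT_SECURE_PROTOCOLS = 9
Const TEST_URL = "https://howsmyssl.com/a/check"  ' same endpoint as the thread's test page

Dim names, flags, i
names = Array("WinHTTP default", "TLS 1.0 only", "TLS 1.1 only", "TLS 1.2 only")
flags = Array(0, &H80, &H200, &H800)              ' 0 = leave the default untouched

For i = 0 To UBound(flags)
    Response.Write Server.HTMLEncode(names(i) & ": " & Probe(flags(i))) & "<br>"
Next

' Returns the tls_version the endpoint reports, or the error raised by Send.
Function Probe(flag)
    Dim http, re, m
    On Error Resume Next
    Set http = Server.CreateObject("WinHttp.WinHttpRequest.5.1")
    If flag <> 0 Then http.Option(OPT_SECURE_PROTOCOLS) = flag
    http.Open "GET", TEST_URL, False
    http.Send
    If Err.Number <> 0 Then
        ' 80072F7D is the "secure channel support" error quoted in the thread
        Probe = "failed: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    Set re = New RegExp
    re.Pattern = """tls_version""\s*:\s*""([^""]+)"""
    Set m = re.Execute(http.ResponseText)
    If m.Count > 0 Then
        Probe = "negotiated " & m(0).SubMatches(0)
    Else
        Probe = "HTTP " & http.Status & ", no tls_version in response"
    End If
End Function
%>
```

If "TLS 1.2 only" reports a negotiated TLS 1.2 session while "WinHTTP default" fails or reports TLS 1.0, the operating system can speak TLS 1.2 and the remaining problem is the default protocol selection; if "TLS 1.2 only" itself fails with 80072F7D, the TLS 1.2 client side is not usable on the server at all.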