Classic ASP Outbound TLS 1.2

We use the UPS web API call to verify the address information. They require TLS 1.2, and the switch broke our page.

    <%
    If ACTION="Verify" and ncSCountry="USA" and ncSState<>"PR" and ncSState<>"AA" and ncSState<>"AP" and ncSState<>"AE" then

        ' Build the UPS access request followed by the address validation request.
        ' Note: the address fields below are concatenated without XML escaping.
        Dim sXML
        sXML = "<?xml version='1.0'?>"
        sXML = sXML & "<AccessRequest xml:lang='en-US'>"
        sXML = sXML & "<AccessLicenseNumber>XXXXXX</AccessLicenseNumber>"
        sXML = sXML & "<UserId>XXXX</UserId>"
        sXML = sXML & "<Password>XXXX</Password>"
        sXML = sXML & "</AccessRequest>"
        sXML = sXML & "<?xml version='1.0'?>"
        sXML = sXML & "<AddressValidationRequest xml:lang='en-US'>"
        sXML = sXML & "<Request>"
        sXML = sXML & "<TransactionReference>"
        sXML = sXML & "<CustomerContext /><XpciVersion>1.0001</XpciVersion>"
        sXML = sXML & "</TransactionReference>"
        sXML = sXML & "<RequestAction>XAV</RequestAction>"
        sXML = sXML & "<RequestOption>1</RequestOption></Request>"
        sXML = sXML & "<MaximumListSize>1</MaximumListSize>"
        sXML = sXML & "<AddressKeyFormat>"
        sXML = sXML & "<ConsigneeName></ConsigneeName>"
        sXML = sXML & "<BuildingName></BuildingName>"
        sXML = sXML & "<AddressLine>" & ncSAddr1 & "</AddressLine>"
        sXML = sXML & "<AddressLine>" & ncSAddr2 & "</AddressLine>"
        sXML = sXML & "<AddressLine></AddressLine>"
        sXML = sXML & "<PoliticalDivision2>" & ncSCity & "</PoliticalDivision2>"
        sXML = sXML & "<PoliticalDivision1>" & ncSState & "</PoliticalDivision1>"
        sXML = sXML & "<PostcodePrimaryLow>" & ncSZip & "</PostcodePrimaryLow>"
        sXML = sXML & "<CountryCode>US</CountryCode>"
        sXML = sXML & "</AddressKeyFormat>"
        sXML = sXML & "</AddressValidationRequest>"

        'Now pass the request to UPS
        Dim xmlhttp4, sResponseXML, myDoc
        Set xmlhttp4 = CreateObject("WinHttp.WinHttpRequest.5.1")
        'Set xmlhttp4 = CreateObject("MSXML2.ServerXMLHTTP")
        xmlhttp4.Open "POST", "https://onlinetools.ups.com/ups.app/xml/XAV", false
        xmlhttp4.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        xmlhttp4.send(sXML)

        If xmlhttp4.Status >= 400 And xmlhttp4.Status <= 599 Then
            'Response.Write( "Error Occurred : " & xmlhttp4.Status & " - " & xmlhttp4.statusText)
            ' Well-formed placeholder so loadXML below still parses on HTTP errors
            sResponseXML = "<empty/>"
        Else
            sResponseXML = xmlhttp4.responseText
        End If

        Set myDoc = CreateObject("Microsoft.XMLDOM")
        myDoc.async = false   ' must be set before loading to take effect
        myDoc.loadXML(sResponseXML)

        Dim addressline, addressline2, city, state, zip, zip4, responsestatus
        Dim root, NodeList, x
        Set root = myDoc.DocumentElement

        If myDoc.hasChildNodes then
            Set NodeList = root.SelectNodes("AddressKeyFormat")
            For x = 0 To (NodeList.Length - 1)
                city = NodeList.Item(x).SelectSingleNode("PoliticalDivision2").Text
                state = NodeList.Item(x).SelectSingleNode("PoliticalDivision1").Text
                addressline = NodeList.Item(x).SelectSingleNode("AddressLine").Text
                ' A second AddressLine element, if present, directly follows the first
                addressline2 = NodeList.Item(x).SelectSingleNode("AddressLine").NextSibling.nodename
                If addressline2 = "AddressLine" then
                    addressline2 = NodeList.Item(x).SelectSingleNode("AddressLine").NextSibling.Text
                Else
                    addressline2 = ""
                End If
                zip = NodeList.Item(x).SelectSingleNode("PostcodePrimaryLow").Text
                zip4 = NodeList.Item(x).SelectSingleNode("PostcodeExtendedLow").Text
            Next
        End If

        ' Extract the text between <ResponseStatusCode> and </ResponseStatusCode>
        Dim startcust3, endcust3
        startcust3 = instr(sResponseXML, "<ResponseStatusCode>")
        endcust3 = instr(sResponseXML, "</ResponseStatusCode>")
        responsestatus = ""
        ' Only call Mid when both tags were found; otherwise the length is negative
        If startcust3 > 0 And endcust3 > startcust3 Then
            responsestatus = Mid(sResponseXML, startcust3 + 20, (endcust3 - startcust3 - 20))
        End If

    End If
    %>

I already tried to make this switch, but I feel that something is missing.

    Set xmlhttp4 = CreateObject("WinHttp.WinHttpRequest.5.1")
    'Set xmlhttp4 = CreateObject("MSXML2.ServerXMLHTTP")
+6
1 answer

I found a solution with a simple registry fix.

1) Register the TLS 1.2 protocol:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:ffffffff
    "DisabledByDefault"=dword:00000000

2) Configure TLS 1.2 by default in 32-bit applications:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
    "DefaultSecureProtocols"=dword:00000800

3) Configure TLS 1.2 by default in 64-bit applications:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
    "DefaultSecureProtocols"=dword:00000800

4) Reboot the server

If you need TLS 1.1 support only:

  • In step 1) above, simply change “TLS 1.2” to “TLS 1.1” and apply the new registry fix.
  • In steps 2) and 3) above, change the value "00000800" to "00000200" and apply a new registry fix.

If you need support for TLS 1.1 and 1.2, then

  • Repeat step 1) from above two times to register both protocols.
  • In steps 2) and 3) use the value "00000A00" (which is a combination of "00000800" + "00000200")

Verification Code:

    <%
    Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
    objHttp.open "GET", "https://howsmyssl.com/a/check", False
    objHttp.Send
    Response.Write objHttp.responseText
    Set objHttp = Nothing
    %>

At the end of the answer you should see the version of TLS used on the request:

 "tls_version":"TLS 1.2" 
+11
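
To confirm what steps 1) to 3) actually left on the server, the following PowerShell script (an added example, not part of the original answer) reads both WinHttp keys and the SCHANNEL TLS 1.2 client key and decodes the DefaultSecureProtocols bitmask into protocol names. The function name ConvertFrom-SecureProtocolMask is made up for this example, and the bit values below 0x200 are not on the page; they are assumed from the WinHTTP secure-protocol flag definitions.

```powershell
# Added example: read-only audit of the settings from steps 1) to 3).
# 0x200 and 0x800 are the values given in the answer; the lower bits are
# assumed from the WinHTTP flag definitions for the older protocols.
$ProtocolBits = @{
    'SSL 2.0' = 0x008; 'SSL 3.0' = 0x020; 'TLS 1.0' = 0x080
    'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
}
$Legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'

function ConvertFrom-SecureProtocolMask {
    param([Parameter(Mandatory = $true)][int]$Mask)
    # Return the names of all protocols whose bit is set, weakest first.
    $ProtocolBits.GetEnumerator() | Sort-Object Value |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

$winHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)

foreach ($key in $winHttpKeys) {
    $value = (Get-ItemProperty -Path $key -Name DefaultSecureProtocols `
                  -ErrorAction SilentlyContinue).DefaultSecureProtocols
    if ($null -eq $value) {
        Write-Output "$key : DefaultSecureProtocols not set (OS default applies)"
        continue
    }
    $enabled = @(ConvertFrom-SecureProtocolMask -Mask $value)
    $weak    = @($enabled | Where-Object { $Legacy -contains $_ })
    Write-Output ("{0} : 0x{1:X8} -> {2}" -f $key, $value, ($enabled -join ', '))
    if ($weak.Count -gt 0) {
        Write-Warning "Legacy protocols still allowed: $($weak -join ', ')"
    }
    if ($enabled -notcontains 'TLS 1.2') {
        Write-Warning 'TLS 1.2 is not in the mask'
    }
}

# SCHANNEL client side of step 1)
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$client = Get-ItemProperty -Path $schannel -ErrorAction SilentlyContinue
if ($null -eq $client) {
    Write-Output 'SCHANNEL TLS 1.2\Client key is absent (OS default applies)'
} else {
    Write-Output ("SCHANNEL TLS 1.2 client: Enabled={0} DisabledByDefault={1}" -f `
        $client.Enabled, $client.DisabledByDefault)
}
```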