Classic ASP / IIS6 / Win2003 server cannot communicate with TLS server

Sage Pay today stopped its exemption from using SSL3 sites when communicating with its payment / authorization servers. TLSv1 is now required.

We have a Windows Server 2003 box with IIS6 and two sites written (unfortunately) in classic ASP. The box has been fixed / registry keys updated to mitigate against POODLE, and various online checkers support this. The server should use TLS ONLY.

However, if you attempt to authorize a Sage Pay transaction using WinHttp.WinHttpRequest.5.1 and POST, the attempt immediately stops. The only error returned by WinHttpRequest is "-2147483638 - WinHttp.WinHttpRequest - the data required to complete this operation is not yet available."

Internet Explorer on the same server also cannot access the Sage Pay administration interfaces located at the same URLs. This is despite the fact that SSLv2 and SSLv3 are disabled in Internet Options. Again, TLSv1 should be the only option available for ANYTHING on the box.

It doesn't matter what timeouts or parameters I put in the WinHttp object - it fails so quickly, as if it hadn't even tried.

I have verified that the server in question can communicate with Sage Pay servers using curl. curl works either without a protocol specified (it uses TLS) or with the protocol specified manually, and does not work when SSL2 or 3 is specified, as expected.

If this works, why will nothing happen - when every bit of the server configuration says it should?

Here is a small sample code that returns the above WinHttpRequest error:

    <%
    VSPServer = "https://test.sagepay.com/showpost/showpost.asp"

    Set objHTTP = Server.CreateObject("WinHttp.WinHttprequest.5.1")

    On Error Resume Next
    objHTTP.Open "POST", CStr(VSPServer), False
    objHTTP.Send "Hello"

    If Err.Number <> 0 Then
        Response.Write "Status: " & objHTTP.Status & "<p>"
        Response.Write Err.Number & " - " & Err.Source & " - " & Err.Description
    End If
    On Error Goto 0

    Set objHTTP = Nothing
    %>

If False is changed to True (to start this asynchronous call) in the objHTTP.Open line, the script returns nothing. This script worked before Sage Pay turned things around this afternoon.

+4
2 answers

Now I managed to resolve it. After changing the nature of the problem search, I found that Win2003 uses a different encryption algorithm to connect to servers even through TLS. It uses 3DES, while SagePay expects AES. (Source: SagePay protocol violation error)

This led me to install the fix associated with Richard Day's answer (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.exe ; this is the fix for 32-bit English. The patch page is here: https://support.microsoft.com/kb/948963), and after the reboot everything fell into place.

Thanks to everyone who made suggestions. It seems like, in the end, it was a server level issue. If this requires this post to be moved (since it is no longer related to programming), please do so.

+2
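
The mismatch this answer describes (both sides speak TLS 1.0 but share no AES suite) can be confirmed from a captured ClientHello. The Python sketch below is an added example, not code from the original post: it parses one ClientHello record and reports whether any AES suite is offered. The `build_hello` helper and both sample hellos are constructed for illustration, not captured from a real Windows Server 2003 host.

```python
import struct

# IANA IDs for the suites relevant here; any other ID is shown as hex.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Return offered version and cipher suites from one TLS handshake record."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 4 or body[0] != 1:
        raise ValueError("not a complete ClientHello record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 37:
        raise ValueError("truncated ClientHello body")
    version = int.from_bytes(hello[:2], "big")
    pos = 2 + 32                          # skip client_version and random
    pos += 1 + hello[pos]                 # skip session_id (length-prefixed)
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("bad cipher_suites length")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    names = [SUITES.get(i, f"0x{i:04X}") for i in ids]
    # Only AES suites listed in SUITES are recognised by this check.
    return {"version": VERSIONS.get(version, hex(version)), "suites": names,
            "offers_aes": any("_AES_" in n for n in names)}

def build_hello(suite_ids) -> bytes:
    """Constructed sample: TLS 1.0 ClientHello, zero random, no extensions."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    hello = (b"\x03\x01" + bytes(32) + b"\x00"
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples: RC4/3DES only, then the same client with AES added.
WITHOUT_AES = build_hello([0x0004, 0x0005, 0x000A])
WITH_AES = build_hello([0x002F, 0x0035, 0x0005, 0x000A])

if __name__ == "__main__":
    for label, rec in (("without AES", WITHOUT_AES), ("with AES", WITH_AES)):
        print(label, parse_client_hello(rec))
```

Both samples report `TLSv1.0`, which is why protocol-level checks pass while the handshake still fails: only `offers_aes` differs.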

It doesn't matter what timeouts or parameters I put in the WinHttp object - it fails so quickly, as if it hadn't even tried.

The only error returned by WinHttpRequest is "-2147483638 - WinHttp.WinHttpRequest - The data required to complete this operation is not yet available."

It looks like you made an asynchronous request, but did not wait for a response.

First, you need to find out by calling WaitForResponse.
And second, you need to establish which secure protocols can be used to connect.

Try using the following code and let me know if the problem persists.

    Option Explicit

    Const WinHttpRequestOption_SecureProtocols = 9
    Const SecureProtocol_SSL2 = 8, SecureProtocol_SSL3 = 32, _
          SecureProtocol_TLS1 = 128, SecureProtocol_TLS1_1 = 512, _
          SecureProtocol_TLS1_2 = 2048

    Dim objHTTP
    Set objHTTP = Server.CreateObject("WinHttp.WinHttprequest.5.1")

    objHTTP.Open "GET", "https://test.sagepay.com/showpost/showpost.asp", True
    objHTTP.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_TLS1
    objHTTP.Send

    If objHTTP.WaitForResponse(30) Then 'wait up to 30 seconds
        'response is ready
        Response.Write "Status : " & objHTTP.Status & "<br />"
        Response.Write "Response Length : " & LenB(objHTTP.ResponseBody)
    Else
        'Request timed out
        Response.Write "Request timed out"
    End If

    Set objHTTP = Nothing
+2
