WinHttp errors on option 9 / Win2008 / Classic ASP

痴心易碎 submitted on 2019-12-10 10:15:55

Question


The Server I am connecting to requires TLS 1.1. My attempts fail. I am on a Windows Server 2008 R2 Standard SP1 64bit machine using Classic ASP.

Here is my code:

const WinHttpRequestOption_SecureProtocols = 9
const SecureProtocol_TLS1_1 = 512

dim objHTTP
set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")

'No error:
objHTTP.Option(9) = 128

'No error:
objHTTP.Option(9) = &H80

'Errors right here:
objHTTP.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_TLS1_1

'Errors right here:
objHTTP.Option(9) = 512

'Errors right here:
objHTTP.Option(9) = &H200

It does not matter where in the code I place this line, I still get this error as it tries to execute:

Microsoft VBScript runtime error '800a0005'

Invalid procedure call or argument: 'Option'

My Server's Browser was IE8, so I installed IE11 hoping for better results. Same error.

I have the Internet options of IE11 set to

  • (Unchecked) Use SSL 2.0
  • (Unchecked) Use SSL 3.0
  • (Unchecked) Use TLS 1.0
  • (Checked) Use TLS 1.1
  • (Checked) Use TLS 1.2

In the Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

I have TLS 1.1 and 1.2 set at enabled=1 and DisabledByDefault=0

All the rest are set opposite.

I did the same at /ControlSet001/ and /ControlSet002/

Why can't I set objHTTP.Option(9) = 512?
Bonus question: Why is WinHttp insisting on TLS 1.0 regardless of my Server's settings?


Answer 1:


If you open the winhttp.dll in the Visual Studio object browser, the version in Windows Server 2008 does not contain the constants for TLS1.1 and TLS1.2 under the WinHttpRequestSecureProtocols enum.

If you do the same for Windows Server 2012, you'll find that the constants for TLS1.1 and TLS1.2 do appear.

I don't see an update available for Win 2008 to upgrade winhttp. If one exists I'd like to know. I haven't tried copying the Win 2012 version to Win 2008. I don't know if that would cause issues or not.




Answer 2:


This option means TLS 1.0:

objHTTP.Option(9) = 128

And the winhttp.dll library on Windows 2008 R2 only has a reference to this value. That's why you don't have any error with it.

The next option means TLS 1.1:

objHTTP.Option(9) = 512

But only Windows 2012 and newer know this value. That's why you have errors on Windows 2008 R2.

So you have to upgrade your Windows in order to use this setting.

Or there is another approach that uses a registry fix, because Windows uses this value in case it is not specified in your code.

This approach works without changing any line of code.

In general:

  • Register protocol TLS 1.1, or even better 1.2 (or both), in the following section

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

  • Tell winhttp.dll to use one of those protocols by default with the value "DefaultSecureProtocols" in the following sections

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

See more details in my answer here: Classic ASP Outbound TLS 1.2
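
The registry approach from answer 2, as an added PowerShell example that is not part of the original post. It audits (and with -Apply, writes) the SCHANNEL client keys and the DefaultSecureProtocols bitmask in both WinHttp locations. It assumes the installed WinHTTP honours DefaultSecureProtocols as the answer describes; the Client subkey, the 0x800 flag for TLS 1.2 and the helper names Set-Dword and Get-Dword are choices made for this example.

```powershell
# Added example, not from the original answers. Run elevated.
# Without -Apply the script only reports the current state.
param([switch]$Apply)

# 0x80 (128) and 0x200 (512) are the values discussed above;
# 0x800 is the TLS 1.2 flag in the same bitmask (assumption of this example).
$flags = @{ 'TLS 1.0' = 0x80; 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800 }
$want  = $flags['TLS 1.1'] -bor $flags['TLS 1.2']   # 0xA00

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$winhttp  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)

function Set-Dword($path, $name, $value) {
    # Create the key (and any missing parents) before writing the DWORD.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $name -Value $value -PropertyType DWord -Force | Out-Null
}

function Get-Dword($path, $name) {
    # Returns $null when the key or the value does not exist.
    $p = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($p) { $p.$name } else { $null }
}

# Step 1: register TLS 1.1 / 1.2 for outbound (client) connections in SCHANNEL.
foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    $key = "$schannel\$proto\Client"
    if ($Apply) {
        Set-Dword $key 'Enabled' 1
        Set-Dword $key 'DisabledByDefault' 0
    }
    "{0}: Enabled={1} DisabledByDefault={2}" -f $key,
        (Get-Dword $key 'Enabled'), (Get-Dword $key 'DisabledByDefault')
}

# Step 2: WinHTTP default protocols, 64-bit and 32-bit (Wow6432Node) views.
foreach ($key in $winhttp) {
    if ($Apply) { Set-Dword $key 'DefaultSecureProtocols' $want }
    $cur = Get-Dword $key 'DefaultSecureProtocols'
    if ($cur -eq $null) { "$key : DefaultSecureProtocols not set"; continue }
    $on = $flags.Keys | Where-Object { $cur -band $flags[$_] } | Sort-Object
    "{0}: 0x{1:X} -> {2}" -f $key, $cur, ($on -join ', ')
}
```

Both WinHttp locations matter because a 32-bit application pool reads the Wow6432Node view; a value set in only one of them leaves the other bitness on the old default.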



Source: https://stackoverflow.com/questions/31886775/winhttp-errors-on-option-9-win2008-classic-asp