Problem TLS 1.2 with Microsoft XMLHTTP(server)

xenox75 · Post by **xenox75** » 17 Nov 2020, 18:19

Bye,

I am using the Microsoft XMLHTTP(server) method to connect to an external link in POST mode.

From local works well, on the Citrix server immediately error...

It would seem that the destination url has no blocks or filters and that at least TLS 1.2 communication is needed...

Do you know if it is something that must be set on the Server or if on the call I can set TLS 1.2?

This is how the call is made:

Code: Select all

Set sRequest_Url = sURL
Set sRequest_Action = "POST"
Set sRequest_Input = sJSON_Input
Set sStatus = ""
Set dfErrori = ""
!
Set sPROXY_Valore = dfProxy
If (nWSPBLNexi_PROXY_Timeout <= 0)
	Set nPROXY_Timeout = 10000 ! 10000 = 10 Secondi
Else
	Set nPROXY_Timeout = nWSPBLNexi_PROXY_Timeout
!
! Disable Gupta error messageboxes. We handle the errors ourselves
Call SalActiveXAutoErrorMode( FALSE )
!
If uHTTP.Create( )
	! Set synchronous call
	Call uVariantAsync.SetBoolean( FALSE )
	! No user/password needed, so make optional
	Call uVariantUser.MakeOptional(  )
	Call uVariantPassword.MakeOptional(  )
	!
	! Imposto Timeout Chiamata
	Call uHTTP.setTimeouts( nPROXY_Timeout, nPROXY_Timeout, nPROXY_Timeout, nPROXY_Timeout )
	! Setto Parametri PROXY
	If cbProxy
		Call uVariantProxyServer.SetString( sPROXY_Valore )
		Call uVariantProxyBypasslist.MakeOptional(  )
		Call uHTTP.setProxy( 2, uVariantProxyServer, uVariantProxyBypasslist )
		Set dfErrori = "PROXY SET - "
	!
	If uHTTP.open( sRequest_Action, sRequest_Url, uVariantAsync, uVariantUser, uVariantPassword )
		! Now set the JSON in the body
		Call uVariantBody.SetString( sRequest_Input )
		!
		! Set the HTTP header properties
		Call uHTTP.setRequestHeader( 'Content-Type', 'application/json' )
		Call uHTTP.setRequestHeader( "Accept", 'application/json' )
		Call uHTTP.setRequestHeader( "Accept-Encoding", 'gzip,deflate' )
		Call uHTTP.setRequestHeader( "Connection", 'Keep-Alive' )
		!
		Set dfErrori = dfErrori || "Open OK - "
		!
		! Do execute the service
		If uHTTP.send( uVariantBody )
			! Get the status of the call
			Call uHTTP.PropGetstatus( nStatus )
			Call uHTTP.PropGetstatusText( sStatus )
			! Set dfStatus = sStatus || " (" || SalNumberToStrX( nStatus, 0 ) || ")"
			Set sStatus  = sStatus || " (" || SalNumberToStrX( nStatus, 0 ) || ")"
			Set dfErrori = dfErrori || "Send OK - "
			!
			! Get the header info => Commento non serve
			! Call uHTTP.getAllResponseHeaders( sHeaders )
			! Display the header info => Commento non serve
			! Set mlResponse = sHeaders
			!
			! Get the response document
			Call uHTTP.PropGetresponseText( sJSON_Output )
			!
			! Display the response on GUI
			! Set mlResponse = mlResponse || "
					RISPOSTA:
					" || VisStrSubstitute( sResponseText, "}", "}
					" )
		Else
			Set sStatus = "Error send"
			Call uHTTP.GetLastError( oErrore )
	Else
		Set sStatus = "Error opening"
		Call uHTTP.GetLastError( oErrore )
	!
	! Detach/release the object
	Call uHTTP.Release( )
Else
	Set sStatus = "Error create XMLHTTP60"

thanks

TDWiki YouTube Channel · Post by **Dave Rabelink** » 18 Nov 2020, 07:39

Maybe try this. See:

https://markohoven.com/2020/03/06/msxml ... nd-tls1-2/

'force TLS 1.2
XMLServer.Option(9) = 2048
XMLServer.Option(6) = True

EWetzel · Post by **EWetzel** » 18 Nov 2020, 07:41

Hi,

maybe check this:

control panel -> internet options -> extended -> TLS 1.2#

TLS12.png

Enrico

Gideon Schulter · Post by **Gideon Schulter** » 18 Nov 2020, 15:16

Hi,

You might want to check whether supprt for TLS v1.2 is enabled on your server (it might be disabled by default).
Make sure following registry-keys have been set:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"Enabled"=dword:ffffffff



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"Enabled"=dword:00000001

xenox75 · Post by **xenox75** » 20 Nov 2020, 14:39

Hi EWetzel
on control panel -> internet options -> extended -> TLS 1.2#
TLS 1.2 is enabled

I also tried to disable it and it works the same, I think it doesn't use the internet explorer setting, but the S.O. setting.

xenox75 · Post by **xenox75** » 20 Nov 2020, 14:39

hi Gideon Schulter,

On my client (Windows 10) where it already works I don't have the entry "TLS 1.2" under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\",
How can I force it disabled to see if it gives me error like on the server?

xenox75 · Post by **xenox75** » 20 Nov 2020, 15:01

Hi Dave Rabelink,

To set the options I have this method
Call uHTTP.setOption( Number, Object )

Object is Variant type, as it should be set:
XMLServer.Option(9) = 2048
XMLServer.Option(6) = True

Code: Select all

Call uVariantOptionTLS_num.SetNumber( 2048, VT_I4)
Call uVariantOptionTLS_bol.SetBoolean( TRUE )
Call uHTTP.setOption( 9, uVariantOptionTLS_num )
Call uHTTP.setOption( 6, uVariantOptionTLS_bol )

thanks

xenox75 · Post by **xenox75** » 20 Nov 2020, 18:30

I was able to block the TLS 1.2 from the registry by setting "TLS 1.2" and then "Enabled" = "0".
But disabled there if I then try to force it from application does not work, perhaps the setting of the S.O. prevails.

Team Developer SQLWindows Community Forum

Problem TLS 1.2 with Microsoft XMLHTTP(server)

Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Re: Problem TLS 1.2 with Microsoft XMLHTTP(server)

Who is online