Question
I'm working with a Classic ASP script that I inherited. I'm trying to connect with TLS 1.2, but am having issues. I get a 500 error when I try to run the following:
<%
Const WinHttpRequestOption_SecureProtocols = 9
Const SecureProtocol_SSL2 = 8, SecureProtocol_SSL3 = 32, _
SecureProtocol_TLS1 = 128, SecureProtocol_TLS1_1 = 512, _
SecureProtocol_TLS1_2 = 2048
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
objHttp.option(9) = 128
objHttp.open "GET", "https://howsmyssl.com/a/check", false
objHttp.Send
Response.Write objHttp.responseText
Set objHttp = Nothing
%>
If I eliminate the option(9), it runs just fine, but doesn't connect via TLS 1.2. The server registry has already been updated and a check of the server via SSL Labs (https://www.ssllabs.com/ssltest/index.html) shows that the server is all set for TLS 1.2.
This is on a Windows 2008 Server (Not R2). Any ideas on how I can get things to run TLS 1.2?
Answer 1:
WinHttp on Windows 2008/Vista doesn't support TLS 1.1 or TLS 1.2. If I use Object Browser in Visual Studio to examine a winhttp.dll from a Windows 2008 machine, you will notice in the screenshot below that the WinHttpRequestSecureProtocols enum doesn't have SecureProtocol_TLS1_1 or SecureProtocol_TLS1_2.
Compare this to a Windows 10 machine:
KB3140245 allows a registry change to default WinHttp to TLS 1.1 and/or TLS 1.2. Doing so gets around the issue of not being able to set TLS 1.1 or TLS 1.2 programmatically, but there is no update for Windows 2008, only Windows 2008 R2 and higher. Windows Server 2016 supports this natively, so I would recommend updating to Server 2016 if possible.
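A diagnostic version of the request, added here as an example and not part of the original question or answer: it asks for TLS 1.2 only (2048, the question's SecureProtocol_TLS1_2 constant), traps the error at each stage so the failing step is reported instead of a generic 500, and prints the TLS version the remote side saw. The helper name `NegotiatedTls` is hypothetical, and the `tls_version` field name is an assumption about the howsmyssl.com JSON reply.

```vbscript
<%
' Added example, not code from the original post.
Const WinHttpRequestOption_SecureProtocols = 9
Const SecureProtocol_TLS1_2 = 2048   ' value taken from the question's constants

' Hypothetical helper: extract the "tls_version" value from the JSON reply.
' The field name is an assumption about the howsmyssl.com response format.
Function NegotiatedTls(json)
    Dim re, matches
    Set re = New RegExp
    re.Pattern = """tls_version""\s*:\s*""([^""]*)"""
    Set matches = re.Execute(json)
    If matches.Count > 0 Then
        NegotiatedTls = matches(0).SubMatches(0)
    Else
        NegotiatedTls = "(not reported)"
    End If
End Function

Dim objHttp, stage, errNum, errDesc
Set objHttp = Server.CreateObject("WinHttp.WinHttpRequest.5.1")

' Run each step only if the previous one succeeded, remembering where we are.
On Error Resume Next
stage = "setting SecureProtocols"
objHttp.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_TLS1_2
If Err.Number = 0 Then
    stage = "opening the request"
    objHttp.Open "GET", "https://howsmyssl.com/a/check", False
End If
If Err.Number = 0 Then
    stage = "sending the request (TLS handshake)"
    objHttp.Send
End If
' Copy the error details before On Error GoTo 0 clears the Err object.
errNum = Err.Number
errDesc = Err.Description
On Error GoTo 0

If errNum <> 0 Then
    Response.Write "Failed while " & stage & ": 0x" & Hex(errNum) & " " & Server.HTMLEncode(errDesc)
Else
    Response.Write "Remote side reports: " & Server.HTMLEncode(NegotiatedTls(objHttp.ResponseText))
End If
Set objHttp = Nothing
%>
```

If the page reports a version lower than TLS 1.2, or fails at the first or third stage, the outbound WinHTTP client on that server is not negotiating TLS 1.2, regardless of what an inbound scan of the server shows.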
Source: https://stackoverflow.com/questions/49497058/classic-asp-tls-1-2-issue