asp.net - Classic ASP Outbound TLS 1.2

Question

We use a web API call to UPS to check address information. They are requiring TLS 1.2 and the switch has broken our page.

<%

If ACTION="Verify" and ncSCountry="USA" and ncSState<>"PR" and ncSState<>"AA" and ncSState<>"AP" and ncSState<>"AE" then

    Dim sXML 

    sXML = "<?xml version='1.0'?>"
    sXML = sXML & "<AccessRequest xml:lang='en-US'>"
    sXML = sXML & "<AccessLicenseNumber>XXXXXX</AccessLicenseNumber>"
    sXML = sXML & "<UserId>XXXX</UserId>"
    sXML = sXML & "<Password>XXXX</Password>"
    sXML = sXML & "</AccessRequest>"
    sXML = sXML & "<?xml version='1.0'?>"
    sXML = sXML & "<AddressValidationRequest xml:lang='en-US'>"
    sXML = sXML & "<Request>"
    sXML = sXML & "<TransactionReference>"
    sXML = sXML & "<CustomerContext /><XpciVersion>1.0001</XpciVersion>"
    sXML = sXML & "</TransactionReference>"
    sXML = sXML & "<RequestAction>XAV</RequestAction>"
    sXML = sXML & "<RequestOption>1</RequestOption></Request>"
    sXML = sXML & "<MaximumListSize>1</MaximumListSize>"
    sXML = sXML & "<AddressKeyFormat>"
    sXML = sXML & "<ConsigneeName></ConsigneeName>"
    sXML = sXML & "<BuildingName></BuildingName>"
    sXML = sXML & "<AddressLine>" & ncSAddr1   & "</AddressLine>"
    sXML = sXML & "<AddressLine>" & ncSAddr2   & "</AddressLine>"
    sXML = sXML & "<AddressLine></AddressLine>"
    sXML = sXML & "<PoliticalDivision2>" & ncSCity & "</PoliticalDivision2>"
    sXML = sXML & "<PoliticalDivision1>" & ncSState & "</PoliticalDivision1>"
    sXML = sXML & "<PostcodePrimaryLow>" &  ncSZip   & "</PostcodePrimaryLow>"
    sXML = sXML & "<CountryCode>US</CountryCode>"
    sXML = sXML & "</AddressKeyFormat>"
    sXML = sXML & "</AddressValidationRequest>"


    'Now pass the request to UPS
    Dim xmlhttp4, sResponseXML, myDoc
    Set xmlhttp4 = CreateObject("WinHttp.WinHttpRequest.5.1")
    'Set xmlhttp4 = CreateObject("MSXML2.ServerXMLHTTP")
    xmlhttp4.Open "POST","https://onlinetools.ups.com/ups.app/xml/XAV", false
    xmlhttp4.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    xmlhttp4.send(sXML)
    If xmlhttp4.Status >= 400 And xmlhttp4.Status <= 599 Then
        'Response.Write( "Error Occurred : " & xmlhttp.Status & " - " & xmlhttp.statusText)
        sResponseXML = "</empty>"
    Else
        sResponseXML = xmlhttp4.responseText
    End If

    Set myDoc=CreateObject("Microsoft.XMLDOM")
    myDoc.loadXML(sResponseXML)
    myDoc.async = false

    Dim addressline, addressline2, city, state, zip, zip4, responsestatus

    Dim root, NodeList, x
    Set root = myDoc.DocumentElement
    If myDoc.hasChildNodes then 
        Set NodeList = root.SelectNodes("AddressKeyFormat")
        For x = 0 To (NodeList.Length - 1)
            city = NodeList.Item(x).SelectSingleNode("PoliticalDivision2").Text
            state = NodeList.Item(x).SelectSingleNode("PoliticalDivision1").Text
            addressline = NodeList.Item(x).SelectSingleNode("AddressLine").Text

            addressline2=NodeList.Item(x).SelectSingleNode("AddressLine").NextSibling.nodename
            if addressline2="AddressLine" then
                addressline2=NodeList.Item(x).SelectSingleNode("AddressLine").NextSibling.Text
            Else
                addressline2=""
            ENd if

            zip = NodeList.Item(x).SelectSingleNode("PostcodePrimaryLow").Text
            zip4 = NodeList.Item(x).SelectSingleNode("PostcodeExtendedLow").Text
        Next
    End If

    Dim startcust3, endcust3
    startcust3=instr(sresponseXML, "<ResponseStatusCode>")
    endcust3 = instr(sresponseXML, "</ResponseStatusCode>")
    responsestatus=Mid(sResponseXML,startcust3+20,(endcust3-startcust3-20))

ENd if


%>

I have already tried to make this switch, but I feel like I am missing something.

Set xmlhttp4 = CreateObject("WinHttp.WinHttpRequest.5.1")
'Set xmlhttp4 = CreateObject("MSXML2.ServerXMLHTTP")

Answer 1

I found a solution with a simple registry fix.

1) Register TLS 1.2 Protocol:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

2) Configure TLS 1.2 to be default in 32 bit applications:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp]
"DefaultSecureProtocols"=dword:00000800

3) Configure TLS 1.2 to be default in 64 bit applications:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp]
"DefaultSecureProtocols"=dword:00000800

4) Restart server

If you need support of TLS 1.1 only then:

• On step 1) above simply change "TLS 1.2" to "TLS 1.1" and apply new registry fix
• On steps 2) and 3) above change value "00000800" to "00000200" and apply new registry fix

If you need support of both TLS 1.1 and 1.2 then

• Repeat step 1) from above two times two register both protocols
• On steps 2) and 3) use value "00000A00" (what is combination of "00000800" + "00000200")

Code for verification:

<%
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
objHttp.open "GET", "https://howsmyssl.com/a/check", False
objHttp.Send
Response.Write objHttp.responseText 
Set objHttp = Nothing 
%>

At the end of response you should see version of TLS used by request

"tls_version":"TLS 1.2"