经典ASP TLS 1.2问题 [英] Classic ASP TLS 1.2 issue

问题描述

我正在使用继承的经典asp脚本.我正在尝试连接TLS 1.2，但是遇到了问题.尝试运行以下命令时出现500错误:

 <％常量WinHttpRequestOption_SecureProtocols = 9常量SecureProtocol_SSL2 = 8，SecureProtocol_SSL3 = 32，_SecureProtocol_TLS1 = 128，SecureProtocol_TLS1_1 = 512，_SecureProtocol_TLS1_2 = 2048设置objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")objHttp.option(9)= 128objHttp.open"GET"，"https://howsmyssl.com/a/check"，否objHttp.SendResponse.Write objHttp.responseText设置objHttp = Nothing％> 

如果我取消了option(9)，它可以正常运行，但不能通过TLS 1.2连接.服务器注册表已经更新，并且通过SSL Labs对服务器进行了检查(

将此与Windows 10计算机进行比较:

If I eliminate the option(9), it runs just fine, but doesn't connect via TLS 1.2. The server registry has already been updated and a check of the server via SSL Labs (https://www.ssllabs.com/ssltest/index.html) shows that the server is all set for TLS 1.2.

This is on a Windows 2008 Server (Not R2). Any ideas on how I can get things to run TLS 1.2?

解决方案

WinHttp on Windows 2008/Vista doesn't support TLS 1.1 or TLS 1.2. If I use Object Browser in Visual Studio to examine a winhttp.dll from a Windows 2008 machine you will notice in the screenshot below the WinHttpRequestSecureProtocols enum doesn't have SecureProtocol_TLS1_1 or SecureProtocol_TLS_1_2.

Compare this to a Windows 10 machine:

KB3140245 allows a registry change to default WinHttp to TLS 1.1 and/or TLS 1.2, doing so gets around the issue of not being able to set TLS 1.1 or TLS 1.2 programmatically, but there is no update for Windows 2008, only Windows 2008 R2 and higher. Windows Server 2016 supports this natively, so I would recommend updating to Server 2016 if possible.

这篇关于经典ASP TLS 1.2问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！