logo标签列表

经典 ASP 出站 TLS 1.2

asp.netssltls1.2
9
我们使用Web API调用UPS来检查地址信息。他们要求使用TLS 1.2,但这个切换破坏了我们的页面。
<%

If ACTION="Verify" and ncSCountry="USA" and ncSState<>"PR" and ncSState<>"AA" and ncSState<>"AP" and ncSState<>"AE" then

    Dim sXML 

    sXML = "<?xml version='1.0'?>"
    sXML = sXML & "<AccessRequest xml:lang='en-US'>"
    sXML = sXML & "<AccessLicenseNumber>XXXXXX</AccessLicenseNumber>"
    sXML = sXML & "<UserId>XXXX</UserId>"
    sXML = sXML & "<Password>XXXX</Password>"
    sXML = sXML & "</AccessRequest>"
    sXML = sXML & "<?xml version='1.0'?>"
    sXML = sXML & "<AddressValidationRequest xml:lang='en-US'>"
    sXML = sXML & "<Request>"
    sXML = sXML & "<TransactionReference>"
    sXML = sXML & "<CustomerContext /><XpciVersion>1.0001</XpciVersion>"
    sXML = sXML & "</TransactionReference>"
    sXML = sXML & "<RequestAction>XAV</RequestAction>"
    sXML = sXML & "<RequestOption>1</RequestOption></Request>"
    sXML = sXML & "<MaximumListSize>1</MaximumListSize>"
    sXML = sXML & "<AddressKeyFormat>"
    sXML = sXML & "<ConsigneeName></ConsigneeName>"
    sXML = sXML & "<BuildingName></BuildingName>"
    sXML = sXML & "<AddressLine>" & ncSAddr1   & "</AddressLine>"
    sXML = sXML & "<AddressLine>" & ncSAddr2   & "</AddressLine>"
    sXML = sXML & "<AddressLine></AddressLine>"
    sXML = sXML & "<PoliticalDivision2>" & ncSCity & "</PoliticalDivision2>"
    sXML = sXML & "<PoliticalDivision1>" & ncSState & "</PoliticalDivision1>"
    sXML = sXML & "<PostcodePrimaryLow>" &  ncSZip   & "</PostcodePrimaryLow>"
    sXML = sXML & "<CountryCode>US</CountryCode>"
    sXML = sXML & "</AddressKeyFormat>"
    sXML = sXML & "</AddressValidationRequest>"


    'Now pass the request to UPS
    Dim xmlhttp4, sResponseXML, myDoc
    Set xmlhttp4 = CreateObject("WinHttp.WinHttpRequest.5.1")
    'Set xmlhttp4 = CreateObject("MSXML2.ServerXMLHTTP")
    xmlhttp4.Open "POST","https://onlinetools.ups.com/ups.app/xml/XAV", false
    xmlhttp4.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    xmlhttp4.send(sXML)
    If xmlhttp4.Status >= 400 And xmlhttp4.Status <= 599 Then
        'Response.Write( "Error Occurred : " & xmlhttp.Status & " - " & xmlhttp.statusText)
        sResponseXML = "</empty>"
    Else
        sResponseXML = xmlhttp4.responseText
    End If

    Set myDoc=CreateObject("Microsoft.XMLDOM")
    myDoc.loadXML(sResponseXML)
    myDoc.async = false

    Dim addressline, addressline2, city, state, zip, zip4, responsestatus

    Dim root, NodeList, x
    Set root = myDoc.DocumentElement
    If myDoc.hasChildNodes then 
        Set NodeList = root.SelectNodes("AddressKeyFormat")
        For x = 0 To (NodeList.Length - 1)
            city = NodeList.Item(x).SelectSingleNode("PoliticalDivision2").Text
            state = NodeList.Item(x).SelectSingleNode("PoliticalDivision1").Text
            addressline = NodeList.Item(x).SelectSingleNode("AddressLine").Text

            addressline2=NodeList.Item(x).SelectSingleNode("AddressLine").NextSibling.nodename
            if addressline2="AddressLine" then
                addressline2=NodeList.Item(x).SelectSingleNode("AddressLine").NextSibling.Text
            Else
                addressline2=""
            ENd if

            zip = NodeList.Item(x).SelectSingleNode("PostcodePrimaryLow").Text
            zip4 = NodeList.Item(x).SelectSingleNode("PostcodeExtendedLow").Text
        Next
    End If

    Dim startcust3, endcust3
    startcust3=instr(sresponseXML, "<ResponseStatusCode>")
    endcust3 = instr(sresponseXML, "</ResponseStatusCode>")
    responsestatus=Mid(sResponseXML,startcust3+20,(endcust3-startcust3-20))

ENd if


%>

我已经尝试过进行这个转换,但感觉好像缺少了些什么。

Set xmlhttp4 = CreateObject("WinHttp.WinHttpRequest.5.1")
'Set xmlhttp4 = CreateObject("MSXML2.ServerXMLHTTP")
请尝试查看此SO文章中的回复:https://dev59.com/yIjca4cB1Zd3GeqP2tzQ - dmarietta
你尝试过将你正在使用的任何HTTP客户端设置为使用TLS 1.2吗?我看到有人说这可能需要.NET 4.5+ https://dev59.com/lW855IYBdhLWcg3wy3sc - Don Cheadle
1个回答
20

我找到了一个通过简单注册表修复的解决方案。

1)注册TLS 1.2协议:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

2)将TLS 1.2配置为32位应用程序的默认值:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

3) 将TLS 1.2配置为64位应用程序的默认选项:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

4) 重新启动服务器

如果您需要仅支持TLS 1.1:

  • 在上述第1步中,将“TLS 1.2”更改为“TLS 1.1”,并应用新的注册表修复
  • 在上述第2步和第3步中,将值“00000800”更改为“00000200”,并应用新的注册表修复

如果您需要支持TLS 1.1和1.2:

  • 从上述步骤1)中重复两次以注册两个协议
  • 在上述第2步和第3步中使用值“00000A00”(即“00000800” + “00000200”的组合)

检查代码:

<%
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
objHttp.open "GET", "https://howsmyssl.com/a/check", False
objHttp.Send
Response.Write objHttp.responseText 
Set objHttp = Nothing 
%>

在响应结束时,您应该看到请求使用的TLS版本。

"tls_version":"TLS 1.2"
1
这对我没有任何改变。使用Windows 2008 R2,SP1。我仍然收到“与服务器的连接异常终止”错误。 - kneidels
当这个修复方法无法解决问题时,我在其中一台服务器上遇到了问题。 我注意到那里的winhttp.dll版本较旧。 我通过安装KB3140245来解决它- 它更新了该库: https://support.microsoft.com/en-us/kb/3140245 - Anton Palyok
我可以确认上述内容 - 我需要先从这里http://www.catalog.update.microsoft.com/search.aspx?q=kb3140245应用kb3140245,然后应用“易修复”并添加他们在此处https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi描述的默认密钥。对于我来说,我将512(十进制)作为启用TLS1.1的默认值添加。然后,winhttp调用在代码中使用TLS1.1作为默认值。 - Ralpharama
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接