10-28-2014 01:48 PM
We have an older application that was written in classic ASP and uses the MSXML2.ServerXMLHttp object to send transactions to Authorize.Net. How can we tell if it's communicating via TLS so that the application will continue to work when Authorize.Net shuts off SSL v3? The Authorize.Net sample code for Classic ASP uses the Microsoft.XMLHTTP object, but from what I can tell they are essentially the same, but I guess the question becomes, is their sample code still valid and is there something else we should look to do to force TLS instead of SSL?
Thanks in advance,
10-30-2014 09:27 AM
The simplest thing to do is to connect to any of the Sandbox API endpoints. If you're using https://secure.authorize.net/gateway/transact.dll, switch to https://test.authorize.net/gateway/transact.dll. Sandbox no longer supports SSL v3, so if you can connect to Sandbox, you should be OK for now.
Check our blog post about POODLE, where there is more information about how to test and validate your solution.
That said, you should consider upgrading. If you're running classic ASP, you're likely using Windows Server 2003, which doesn't support any security protocol stronger than TLS 1.0. Windows Server 2008 R2 or greater will support TLS 1.1 and TLS 1.2, and also supports .NET's stronger security in general.