Hi everyone,
I have been following this thread since 3/1/18 when payments on an asp.classic website I created for my client over 11 years ago stopped working. I have been trying to resolve the issue since then. I do not manage the server so I am working with the server manager.
Due to power issues on the east coast of the US, we got delayed with the fix. We fortunately have a manual workaround to continue billing but it is cumbersome and we really need to resolve this issue.
The backend database is SQL Server 2012 Express on Windows Server 2012.
Based on the helpful comments in this thread, the server manager followed steps to enable TLS 1.2 and explained what she did as follows:
-------------------------------------
We ran the link you email us for tls 1.2 (see below). All ran OK. We then checked the 2 registry setting that were added per your article to note.
Details.
Your link “Here’s a link from Microsoft about server changes to enable TLS 1.2:
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-s...”
Per article, downloaded and checked registry setting as outlined in the article.
“Easy fix
To add the DefaultSecureProtocols registry subkey automatically, click the Download button. In the File Download dialog box, click Run or Open, and then follow the steps in the easy fix wizard.
Notes
- This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
- If you are not on the computer that has the problem, save the easy fix solution to a flash drive or a CD and then run it on the computer that has the problem.
Download
Note In addition to the DefaultSecureProtocols registry subkey, the Easy fix also adds the SecureProtocols at the following location to help enable TLS 1.1 and 1.2 for Internet Explorer.
The SecureProtocols registry entry that has value 0xA80 for enabling TLS 1.1 and 1.2 will be added in the following paths:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings”
------------------------------------------
Unfortunately, after the above changes were made on the server, my tests indicate the problem is still not resolved. All the tests explained in this thread still show TLS "Bad" and that TLS 1.0 is used, not 1.2. When I evaluate the security on the website on the link provided, I now see TLS 1.2 is enabled but TLS 1.0 and 1.1 are still enabled.
Should TLS 1.0 and 1.1 be disabled? If so, how can that be accomplished?
Here is the simple code I use to connect to authorize.net. I changed identifying codes to xxxx.
-------------
function process_card()
Dim x_version, x_delim_data, x_relay_response
Dim x_amount, x_card_num, x_exp_date, x_type
Dim x_first_name, x_last_name, x_company, x_address
Dim x_city, x_state, x_zip, x_phone, x_fax, x_card_code, x_email, x_email_customer
x_version = "3.1"
x_delim_data = "TRUE"
x_delim_char = "|"
x_relay_response = "False"
Const x_login = "xxxx"
Const x_tran_key = "xxxx"
x_exp_date = "" ' MMYYYY
x_type = "AUTH_CAPTURE"
x_email_customer = "FALSE"
x_description = "XX Monthly Charge"
x_amount = total_charge
if x_amount = 0 then
return_code = "Amount is zero in process_card"
process_card = false
exit function
end if
x_email = email_address
x_card_num = sr_decode(unescape(ccnum))
x_first_name = unescape(fname)
x_last_name = unescape(lname)
x_company = unescape(company_name)
x_address = unescape(address1and2)
x_city = unescape(city)
x_state = unescape(state)
x_zip = zip
x_phone = client_phone
x_fax = fax
x_card_code = "" 'not using cvc
x_invoice_num = mytollfreenumber & "_" & today_string_for_invoice
x_cust_id = client_id
x_country = "US"
x_ship_to_country = "US" '' not using these now
credit_card_cvc_num = ""
credit_card_expire_month = ccmonexp
credit_card_expire_year = ccyearexp
if Len(credit_card_expire_month) = 1 then
credit_card_expire_month = "0" & credit_card_expire_month
end if
x_exp_date = credit_card_expire_month & credit_card_expire_year
dim vPostData
vPostData = "x_login=" & x_login & "&x_tran_key=" & x_tran_key & "&x_version=" & x_version &_
"&x_delim_data=" & x_delim_data & "&x_delim_char=" & x_delim_char & "&x_relay_response=" & x_relay_response &_
"&x_type=" & x_type & "&x_card_num=" & x_card_num & "&x_exp_date=" & x_exp_date & "&x_card_code=" & x_card_code &_
"&x_amount=" & x_amount & "&x_first_name=" & x_first_name & "&x_last_name=" & x_last_name &_
"&x_company=" & x_company &"&x_address=" & x_address & "&x_city=" & x_city & "&x_state=" &_
x_state &"&x_zip=" & x_zip & "&x_email_customer=" & x_email_customer & "&x_email=" & x_email &_
"&x_phone=" & x_phone & "&x_fax=" & x_fax & "&x_description=" & x_description &_
"&x_recurring_billing=" & "NO" &_
"&x_ship_to_first_name=" & x_first_name & "&x_ship_to_last_name=" & x_last_name &_
"&x_ship_to_company=" & x_company & "&x_ship_to_address=" & x_address &_
"&x_ship_to_city=" & x_city & "&x_ship_to_state=" & x_state & "&x_ship_to_zip=" & x_zip &_
"&x_invoice_num=" & x_invoice_num & "&x_cust_id=" & x_cust_id
Dim xml
Dim strStatus
Dim strRetval
Set xml = Createobject("MSXML2.ServerXMLHTTP")
xml.open "POST", "https://secure.authorize.net/gateway/transact.dll", false
xml.send vPostData
strStatus = xml.Status
strRetval = xml.responseText
Set xml = nothing
Dim strArrayVal
strArrayVal = split(strRetVal, "|", -1)
arrData = strArrayVal
if arrData(0) = 1 then
return_code = arrData(3)
process_card = true
fxn_cc_tran_id = arrData(6)
else
return_code = arrData(3)
process_card = false
end if
end function
-------------
I would appreciate any help. This has been a very frustrating situation.
Thanks,
Alexis