【发布时间】:2021-07-20 10:25:03
【问题描述】:
我看到这个问题四处流传,但还没有答案。我的服务器使用 TLS 1.2,就像我请求的服务器一样
<!--#INCLUDE virtual="/json/jsonObject.class.asp"-->
<%
Session.LCID=2057
Dim jsonString, jsonObj, outputObj
Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xmlhttp.SetOption 2, xmlhttp.GetOption(2)
xmlhttp.open "POST", "https://xxx.domain/api/auth", 0
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
xmlhttp.send "ClientId=X&ClientSecret=Y&GrantType=Z"
jsonString = xmlhttp.responseText
response.write(jsonString)
Set xmlhttp = Nothing
set jsonObj = new JSONobject
set outputObj = jsonObj.parse(jsonString)
'response.write(outputObj("access_token"))
%>
这给了我
msxml6.dll error '80072f7d'
An error occurred in the secure channel support
我看到了一些关于从 ServerXMLHTTP 中删除服务器的建议,所以我这样做了,我得到了
Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'xmlhttp.GetOption'
我解决了这个问题,然后它说不支持 SetOption。我完全删除了那行,然后它说 ClientID 没有被发送
当我尝试使用 https://markohoven.com/2020/03/06/msxml2-serverxmlhttp-and-tls1-2/ 时,我得到了
Microsoft VBScript runtime error '800a0005'
Invalid procedure call or argument: 'XMLServer.Option'
然后我尝试了以下
<%
Set winhttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
winhttp.open "GET", "https://howsmyssl.com/a/check", False
winhttp.Send
Response.Write winhttp.responseText
%>
这表明我没有使用 TLS 1.2?
{
"given_cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5"],
"ephemeral_keys_supported": true,
"session_ticket_supported": false,
"tls_compression_supported": false,
"unknown_cipher_suite_supported": false,
"beast_vuln": true,
"able_to_detect_n_minus_one_splitting": false,
"insecure_cipher_suites": {
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": ["uses 3DES which is vulnerable to the Sweet32 attack but was not configured as a fallback in the ciphersuite order"],
"TLS_RSA_WITH_RC4_128_MD5": ["uses RC4 which has insecure biases in its output"],
"TLS_RSA_WITH_RC4_128_SHA": ["uses RC4 which has insecure biases in its output"]
},
"tls_version": "TLS 1.0",
"rating": "Bad"
}
我正在使用 Windows Server 2008 的服务器。我还能做些什么吗?
【问题讨论】:
-
很遗憾没有
-
问题是您使用的是早于 TLS 1.2 的 Windows Server 2008,我们必须升级旧服务器才能使 TLS 1.2 正常工作。我认为如果它运行的是 Windows Server 2008 R2,那就没问题了。 One of the answers 在该重复目标中建议添加注册表项以支持 TLS 1.2,不确定您是否尝试过但看不出这有什么帮助,这与您面临的问题几乎相同。
标签: asp-classic