WinHTTP.WinHTTPRequest.5.1 does not work with PayPal sandbox after TLS 1.2

PayPal sandbox just recently restricted to TLS 1.2 connection. This makes our site stop working with PayPal sandbox although it stills work with the production PayPal. In the future the production PayPal will have the same restriction. We're using classic ASP and Microsoft WinHTTP.WinHTTPRequest.5.1 component for communication with PayPal. Here's the code below. objHttp.StatusText returns "Bad Request". We're on Windows Server 2008 R2. I tried to use MSXML2.ServerXMLHTTP.6.0 instead, but it only works on my Windows 8.1 development machine, not on our Windows Server 2008 R2. Although MSXML2.ServerXMLHTTP.6.0 is a superset of WinHTTP.WinHTTPRequest.5.1, but it is less reliable than WinHTTP.WinHTTPRequest.5.1. Our code fails a few times a day using MSXML2.ServerXMLHTTP.6.0 in the past, so I prefer using WinHTTP.WinHTTPRequest.5.1. I'm also not confident in this line of code: objHttp.Option(9) = &H0AA0 . A workaround that we're using is calling the WebAPI for sending message to PayPal; however, this causes an extra minor delay.

dim objHttp
Set objHttp = Server.CreateObject("WinHTTP.WinHTTPRequest.5.1")
dim WinHttpRequestOption_EnableHttp1_1 : WinHttpRequestOption_EnableHttp1_1 = 17
objHttp.Option(WinHttpRequestOption_EnableHttp1_1) = False

dim WinHttpRequestOption_SslErrorIgnoreFlags : WinHttpRequestOption_SslErrorIgnoreFlags=4
objHttp.Option(WinHttpRequestOption_SslErrorIgnoreFlags) = &H3300
objHttp.setTimeouts 0, 120000, 120000, 120000 
objHttp.Option(9) = &H0AA0 '2720
objHttp.open "post", "" & "https://api-3t.sandbox.paypal.com/2.0/" & "", False
strRequest = SetExpressCheckoutSOAP(returnURL, cancelURL)
objHttp.setRequestHeader "Content-Type", "text/xml; charset=utf-8"
objHttp.setRequestHeader "Content-Length", Len(strRequest)

objHttp.setRequestHeader "Host", "api-3t.sandbox.paypal.com"
Call objHttp.send(strRequest)
if objHttp.Status = 200 then
   resp = objHttp.responseText
else
   response.write objHttp.StatusText
end if

WebAPI invoke code:

dim webapiresp, webapidata
webapidata = "{""url"":""" & gv_APIEndpoint & """, ""message"":""" & nvpStrComplete & """,""soap"":0}"
webapiresp=InvokeWebAPI(strApiDomain, "POST", "comm/send", "", webapidata)
        set reply=JSON.parse(webapiresp)
        resp = reply.xml

Function InvokeWebAPI(strApiDomain, method, funcname, param, data)
dim HttpReq, apiURI, resp

set HttpReq=Server.CreateObject("MSXML2.ServerXMLHTTP")
'apiURI=strApiDomain & funcname & param
apiURI=strApiDomain & "api/" & funcname & param


HttpReq.open method, apiURI, false

HttpReq.setRequestHeader "Content-Type", "application/json; charset=UTF-8"
HttpReq.setRequestHeader "SOAPAction", apiURI
HttpReq.setRequestHeader "Authorization", "Basic " & Base64Encode("xxx:xxx")

if data <> "" then
    HttpReq.send data
else
    HttpReq.send 
end if

resp = HttpReq.responseText

set HttpReq=Nothing

InvokeWebAPI = resp
End Function

My application is written in ASP classic and I use WinHttp.WinHttpRequest.5.1in place of MSXML2.ServerXMLHTTP.6.0. to post to paypal sandbox url.

What works for me is telling the WinHttp.WinHttpRequest.5.1 objec to use TLS 1.2:

Set

httpRequest = Server.CreateObject("WinHttp.WinHttpRequest.5.1")
httpRequest.option (9) = 2720

All that on Windows Server 2012

WinHTTP.WinHTTPRequest.5.1 does not work with - jQuery, WinHTTP.WinHTTPRequest.5.1 does not work with PayPal sandbox after TLS 1.2 - paypal. KB3140245 allows a registry change to default WinHttp to TLS 1.1 and/or TLS 1.2, doing so gets around the issue of not being able to set TLS 1.1 or TLS 1.2 programmatically, but there is no update for Windows 2008, only Windows 2008 R2 and higher. Windows Server 2016 supports this natively, so I would recommend updating to Server 2016 if possible.


This option:

httpRequest.option (9) = 2720

Works only in Windows 2012 and newer

System library "winhttp.dll" of Windows 2008 R2 has only record for TLS 1.0 what equal to:

httpRequest.option (9) = 128

The other values will drop an exception.

But I found a solution which requires only changes in registry, without any additional changes in code. See details here: Classic ASP Outbound TLS 1.2

winhttp.dll on windows 2008 r2 x64 : The Official Microsoft IIS Forums, WinHttpRequest.5.1 object and the PCI DSS provider upgrade to TLS 1.1 and TLS 1.2 the problem is only in Win7 x64 and Win2008 R2 x64 Yes I enable TLS 1.1 and TLS 1.2 on Win7 and on Win2008 R2 /35089900/winhttp-​winhttprequest-5-1-does-not-work-with-paypal-sandbox-after-tls-1-2. Reply. I also hope you all are shifted to TLS 1.2 and tested your integration on PayPal Sandbox. PayPal Sandbox is already upgraded to TLS 1.2 and if your integration is working fine here then you are safe. Else you still have some time to migrate your code logic till June when PayPal will shift to LIVE on TLS 1.2.


I had the exact same issue, but rather than setting option(9) a.k.a WinHttpRequestOption_SecureProtocols I needed to add support for TLS 1.2 in WinHttp itself

See article below, where you can run "Easy Fix" or add registry keys manually

https://support.microsoft.com/en-gb/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Poloniex API, Hi, Excel shows me always a runtime error the channel is not secured if I try to https://stackoverflow.com/questions/35089900/winhttp-winhttprequest-5-1-does-​not-work-with-paypal-sandbox-after-tls-1-2 Just checked: Poloniex only seems to support TLS 1.0 and 1.2 WinHttpRequest.5.1") objHTTP. PayPal sandbox just recently restricted to TLS 1.2 connection. This makes our site stop working with PayPal sandbox although it stills work with the production PayPal. In the future the production PayPal will have the same restriction. We're using classic ASP and Microsoft WinHTTP.WinHTTPRequest.5.1 component for communication with PayPal.


First you need to enable support for TLS 1.2 on the server (I prefer to use the free IISCrypto tool from Nartac Software)

Then you can change the default behaviour by the setting following registry key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

If you are using 32 bit applications, you also need this key:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000800

PayPal TLS Classic ASP ASP.net and PHP test script – Online , PayPal Sandbox is already upgraded to TLS 1.2 and if your integration is working fine here then you are safe. Else you still have some time to WinHTTPRequest.​5.1”) http_obj.open “POST”, destURL , On failure: One of the following errors will occur depending on what your system does not support: If you need support of TLS 1.1 only then: On step 1) above simply change "TLS 1.2" to "TLS 1.1" and apply new registry fix; On steps 2) and 3) above change value "00000800" to "00000200" and apply new registry fix; If you need support of both TLS 1.1 and 1.2 then. Repeat step 1) from above two times two register both protocols


sandbox by ishkawa, Instagram API - Receiving public_content in sandbox mode; WinHTTP.​WinHTTPRequest.5.1 does not work with PayPal sandbox after TLS 1.2  There must be a secure development process, which describes the standards that help make the site secure, and all relevant staff (which need not be all developers) should be trained on secure development techniques. There must be a way by which the site security process can be demonstrated to be working. This could occur through the use of


vbscript, when on error resume next removed in paypalfunctions.asp following error; does know how can workaround winhttp.winhttprequest.5.1 using this not mean winhttp.winhttprequest.5.1 doesn't work means wrong protocol being used make http 512 'tls 1.1 const secureprotocol_tls1_2 = 2048 'tls 1.2. Cookies help us customise PayPal for you, and some are necessary to make our site work. Cookies also allow us to show you personalised offers and promotions, both on and off our site. Of course, you're in control. You can manage your cookies at any time.


Classic ASP modification to PayPal Express Checkout No Longer , WinHTTP.WinHTTPRequest.5.1 is apparently no longer working. At least this is what we All of these have now stopped working since PayPal's last update. TLS 1.1 or TLS 1.2 protocols necessary to communicate with the PayPal Sandbox. We can't send https requests to our payments processors using windows 7 with winhttp.dll or msxml6.dll because isn't supporting TLS 1.1 and TLS 1.2 on Windows 7 and windows 2008 R2 server I have the