2

APIGee is migrating the request to TLS 1.2

OS: Windows Server 2003 !!!

I have an old application developed in vb6, but it stopped working because of this new migration

Here is my code

Public Function GetCustomerName(ByVal pCPFCliente As String) As String
    Dim xmlhttp As MSXML2.ServerXMLHTTP
    Set xmlhttp = New MSXML2.ServerXMLHTTP


    xmlhttp.Open "GET", const_URL & "/customer=" & pCPFCliente & "&identification.type=CPF", False
    xmlhttp.setRequestHeader "Content-Type", "application/json"
    xmlhttp.setRequestHeader "Authorization", const_TOKEN
    xmlhttp.send

    Dim objJson As Object
    Set objJson = JSON.parse(xmlhttp.responseText)
    Dim lacoRecord As Integer
    Dim customerName As String
    customerName = ""

    If xmlhttp.Status = 200 Then
        For lacoRecord = 1 To objJson.Item("records").Count
            customerName = objJson.Item("records")(lacoRecord).Item("name")
        Next
    ElseIf xmlhttp.Status = 404 Then
        If objJson.Item("errorCode") = 20023 Then
            Call WriteLogManual("CONSULTA CPF", "Cliente não encontrado! " & pCPFCliente, pPedido, 0, 0, 0, 0, 0)
        Else
            Call WriteLogManual("CONSULTA CPF", "Erro ao consultar CPF " & pCPFCliente & " - " & xmlhttp.responseText, pPedido, 0, 0, 0, 0, 0)
        End If
    ElseIf xmlhttp.Status = 503 Then
        MsgBox "Ocorreu um erro 503 ao buscar o CPF do Cliente na API. " & Chr(13) & xmlhttp.responseText
        Call WriteLogManual("CONSULTA CPF", "Erro ao consultar saldo na ApiGee - " & xmlhttp.responseText, pPedido, 0, 0, 0, 0, 0)
    Else
        MsgBox "Ocorreu um erro ao buscar o saldo do Cliente na API. " & Chr(13) & xmlhttp.responseText
        Call WriteLogManual("CONSULTA CPF", "Erro ao consultar saldo na ApiGee - " & xmlhttp.responseText, pPedido, 0, 0, 0, 0, 0)
    End If

    GetCustomerName = customerName
End Function
Leonardo Nascimento Cintra
  • 45
  • 1
  • 2
  • 8
  • 2
    The object you are using is a WinHttp wrapper. In any case to use TLS 1.2 through WinHttp you must be on Windows 10 or else have installed an update and then enabled the newer ciphers via registry settings. This is not a programming issue but a system administration issue and has nothing to do with VB6. – Bob77 Jul 12 '18 at 15:26
  • @Bob77 my production machine is Windows Server 2003 – Leonardo Nascimento Cintra Jul 17 '18 at 20:19
  • 2
    Server 2003 is **END OF LIFE**, and has been for several years now! It no longer gets any updates... _not even critical security patches,_ even for known vulnerabilities. It's dangerous and irresponsible to still be using it. Updating to a supported server is priority #1 here. – Joel Coehoorn Jul 23 '18 at 13:30
  • @Joel Coehoom Very few people here would be unaware that 2003 is no longer supported by MS. – david Dec 11 '19 at 00:43
  • You can use [cHttRequest](https://github.com/wqweto/VbAsyncSocket/blob/master/contrib/cHttpRequest.cls) source-compatible replacement class. Using the VB6+thunks TLS backend it supports TLS 1.3 and TLS 1.2 on every Windows starting with NT 4.0 – wqw Jan 08 '22 at 17:26

1 Answers1

1

In order to use updated TLS protocols, the underlying WinHTTP services on Windows need to be updated. This really isn't specific to VB6, it's for all applications that use the WinHTTP libraries on Windows.

Microsoft has instructions for applying the update to Windows 7, Windows Server 2008 R2, and Windows Server 2012 in KB 3140245. One also has to update the DefaultSecureProtocols values in the Registry to enable TLS 1.2 (and other desired versions) by default.

If you're using an older version of Windows, the WinHTTP library doesn't support TLS newer than 1.0 (and as you're not getting security updates for the operating system anymore, that's probably the least of your worries). You'd need to use some other HTTPS library that doesn't use the underlying OS Schannel library for handling its encryption, though I don't know of anything easily integrated into VB6 offhand. Upgrading the server to a supported version of Windows may be the easiest approach.

  • windows server 2003 :( – Leonardo Nascimento Cintra Jul 24 '18 at 19:19
  • @LeonardoNascimentoCintra I've just added a paragraph on how earlier versions of Windows won't support TLS 1.2 using WinHTTP at all. –  Jul 24 '18 at 20:33
  • the application uses a dependency that needs the 32bit version. It really did not work, we are studying new alternatives. Ty @Peter Cooper Jr. – Leonardo Nascimento Cintra Aug 01 '18 at 19:00
  • @LeonardoNascimentoCintra You may be able to upgrade to a 32-bit version of a supported Windows version. Though when I said that upgrading "may be the easiest approach", I wasn't trying to imply that it'd be *easy*, just that other options may be even more complicated. –  Aug 03 '18 at 13:14
  • Late reply here, and I didn't test all scenarios like an unsupported OS, but I made a .NET Framework DLL and ticked a box in the properties that made it available as a COM Interop. I then had the VB6 app use that interop to call a secure web service. That was VB6 (IDE) on Windows 10, maybe Windows 7; I can't remember when I upgraded. I'm not sure if my solution would have worked on older machines. – ps2goat Aug 17 '23 at 06:34