2

I am trying to set TLSv1.1 or v1.2 from C++ (Win) code using cpprest API calls as mentioned. But WinHttpSetOption() is failing with error ERROR_INTERNET_INCORRECT_HANDLE_TYPE (12018).

OS: Windows (7/8)

  1. Tried to set TLSv1.1 and TLS1.2 from registry settings; did not work.
  2. Tried to get OpenSSL, but OpenSSL 1.0.1 (which supports TLS 1.1 and more) is not available for Windows.
  3. Tried to get a handle other than the native handle; did not find an API.
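
```cpp
#include <cpprest/http_client.h>
#include <winhttp.h>
#include <iostream>

web::http::client::http_client_config config;

auto func = [&](web::http::client::native_handle handle) {
    DWORD secure_protocols{ WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1
        | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 };
    // This is the call that returns ERROR_INTERNET_INCORRECT_HANDLE_TYPE (12018).
    BOOL win32Result = ::WinHttpSetOption(handle,
        WINHTTP_OPTION_SECURE_PROTOCOLS,
        &secure_protocols,
        sizeof(secure_protocols));
    if (FALSE == win32Result) {
        // Read the error code first, before another call can overwrite it.
        DWORD err = ::GetLastError();
        std::cout << "Can not set TLS 1.1 or TLS 1.2." << std::endl;
        CString cstr;
        cstr.Format(_T("err = %lu"), err);
        AfxMessageBox(cstr);
    }
};
// Disables server certificate validation, so the connection no longer authenticates the server.
config.set_validate_certificates(false);
config.set_nativehandle_options(func);
```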

Please help me to set TLSv1.1 or v1.2 using C++ REST API. Or how to make WinHttpSetOption() successful.

Remy Lebeau
  • OpenSSL 1.0.1 is not *available* for Windows? Not that you would want that version, as 1.0.2 has a considerable vulnerability fix list. Did you actually fetch it and try to build it yourself from [their github](https://github.com/openssl/openssl/tree/OpenSSL_1_0_1-stable)? – WhozCraig Feb 14 '19 at 18:43
  • @WhozCraig pre-built DLLs for OpenSSL 1.0.2 are available for Windows. They are even linked to on OpenSSL's wiki: [Binaries](https://wiki.openssl.org/index.php/Binaries) – Remy Lebeau Feb 14 '19 at 19:39
  • @RemyLebeau I'm aware of that. I was simply pointing out that if you really want 1.0.1 for Windows, it can always be built if the need warrants. – WhozCraig Feb 14 '19 at 22:13

2 Answers

2

Using WinHttpOpen we can get a "session handle" which can be passed to WinHttpSetOption(). This resolves the error "ERROR_INTERNET_INCORRECT_HANDLE_TYPE".

```cpp
HINTERNET hSession = WinHttpOpen(L"<Application name>",
    WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
    WINHTTP_NO_PROXY_NAME,
    WINHTTP_NO_PROXY_BYPASS, 0);
```

Though I am setting the TLS version to 1.2/1.1, my "http_request" is still using TLSv1.0, which is the default in Windows 7/8.1. (This I can confirm using Wireshark.)

Can anyone let me know why "http_request" is still using TLS1.0?
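
The Wireshark check mentioned in the answer above can also be done in code. The following is an added example, not part of the original posts: it reads the highest TLS version offered in a captured ClientHello record, and goes slightly beyond the Windows 7/8.1 case by also reading the `supported_versions` extension that TLS 1.3 clients use. The names `Reader`, `offered_max_version` and `sample_client_hello` are hypothetical, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Bounds-checked big-endian reader; ok turns false on any short read.
struct Reader {
    const std::vector<uint8_t>& b;
    size_t pos = 0; bool ok = true;
    uint32_t u(size_t n) {                          // read an n-byte integer
        if (!ok || b.size() - pos < n) { ok = false; return 0; }
        uint32_t v = 0;
        while (n--) v = (v << 8) | b[pos++];
        return v;
    }
    void skip(size_t n) { if (!ok || b.size() - pos < n) ok = false; else pos += n; }
};

// Highest offered version (0x0301 TLS 1.0 ... 0x0304 TLS 1.3), or -1 if truncated or not a ClientHello.
int offered_max_version(const std::vector<uint8_t>& rec) {
    Reader r{rec};
    if (r.u(1) != 0x16) return -1;                  // record type 22: handshake
    r.skip(4);                                      // record-layer version and length
    if (r.u(1) != 0x01) return -1;                  // handshake type 1: ClientHello
    r.skip(3);                                      // handshake length
    uint32_t best = r.u(2);                         // client_version: the offer up to TLS 1.2
    r.skip(32);                                     // random
    r.skip(r.u(1));                                 // session_id
    r.skip(r.u(2));                                 // cipher_suites
    r.skip(r.u(1));                                 // compression_methods
    size_t ext_len = r.pos < rec.size() ? r.u(2) : 0, ext_end = r.pos + ext_len;
    while (r.ok && r.pos < ext_end) {
        size_t type = r.u(2), len = r.u(2), stop = r.pos + len;
        if (type == 43) r.skip(1);                  // supported_versions: list length byte
        while (type == 43 && r.ok && r.pos + 2 <= stop) {
            uint32_t v = r.u(2);
            if ((v & 0x0f0f) != 0x0a0a && v > best) best = v;   // ignore GREASE values
        }
        r.skip(stop - r.pos);                       // move to the end of this extension
    }
    return r.ok ? static_cast<int>(best) : -1;
}

// Constructed sample: a minimal ClientHello without extensions that offers `version`.
std::vector<uint8_t> sample_client_hello(uint16_t version) {
    std::vector<uint8_t> m = {0x16, 0x03, 0x01, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29,
        uint8_t(version >> 8), uint8_t(version & 0xff), 0x00, 0x00, 0x02, 0x00, 0x2f, 0x01, 0x00};
    m.insert(m.begin() + 11, 32, uint8_t{0});       // 32-byte random, zeros in this sample
    return m;
}
```

Feed it the first TLS record the client sends, for example bytes exported from a capture; a result of 0x0301 means the client offered nothing newer than TLS 1.0.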

0

Please try installing this update:

https://support.microsoft.com/en-gb/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

"This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1."

Arundale Ramanathan