-
Nov 16th, 2017, 11:00 PM
#1
Thread Starter
Fanatic Member
[RESOLVED] https vs http
I am using VB6 on a Win7 Pro operating system. I have a program that goes after some data on the internet. I am using the reference 'Microsoft WinHttp Services, version 5.1'. Everything worked fine until yesterday. The format of the page on the internet has not changed. But part of the address has changed. Instead of starting with http it now starts with https. My old favorite in IE11 still has the http in the address and it still gets he correct web page.
I am not sure how to correct the problem!
Any help would be appreciated.
Thank
-
Nov 17th, 2017, 01:20 AM
#2
Fanatic Member
Re: https vs http
First, newer HTTPS protocol revision = force it has installed IE11 forcefully. Don't work with any previous IE.
This rule was about the security bugfix which changes the https protocol. Not all HTTPs websites uses the latest revision. But NEW just changed to HTtPS protocol will use the latest revision.
and that it is.
the symptoms of this, the app if observer ChangeState, it try to connect 3 times and then returns error. If using the MSINET by example. But is the same.
-
Nov 17th, 2017, 10:53 AM
#3
Re: https vs http
Many sites have switched from using HTTP to secure HTTPS as a general policy. In some cases they'll do it because Google and others lowered page rankings or dropped them altogether for HTTP URLs.
Some sites will assist users with old shortcuts by keeping their HTTP URLs active with a redirect to the moved page at the new HTTPS URL.
Browsers normally follow redirects silently. WinInet also does so, being part of IE. WinHttp also does this by default, but if you have turned WinHttpRequestOption_EnableRedirects off then it will not. This seems unlikely.
Another issue is that not very long ago many sites stopped using an old SSL/TLS cipher suite because it was insecure. Microsoft has updated many versions of Windows with the new ciphers and changed the defaults in IE/WinInet and WinHttp to use them. Windows XP is a dead OS, but the security issue was severe enough and the impact of its "fix" so broad that a patch was produced for XP as well, but you might not get it unless you manually download and install it on XP.
But see Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows:
Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. This is because the definition of this flag doesn't include these applications and services.
This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used.
This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.
This is the case for some Microsoft Office applications when they open documents from a SharePoint library or a Web Folder, IP-HTTPS tunnels for DirectAccess connectivity, and other applications by using technologies such as WebClient by using WebDav, WinRM, and others.
This update will not change the behavior of applications that are manually setting the secure protocols instead of pass the default flag.
Most likely you are letting the option default. If so then which cipher suites get used can depend on the current default behavior in the version of Windows you are running on, and whether or not the new DefaultSecureProtocols registry entry has been added and what value it has.
If the new protocol ciphers have been selected by default and your targeted site is still using old SSL/TLS then you will fail.
If any of that fits your scenario then the most simple fix might be something like:
Code:
Option Explicit
'
'Reference to: Microsoft WinHTTP Services, version 5.1
'
'Requires Windows Vista, Windows XP SP1, or Windows 2000
'Professional SP3 and later.
'
Private Sub Main()
Dim HTTPRequest As WinHttp.WinHttpRequest
Set HTTPRequest = New WinHttp.WinHttpRequest
With HTTPRequest
.Open "GET", "http://www.google.com/", True
.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_ALL
.Option(WinHttpRequestOption_EnableRedirects) = True
.Send
If .WaitForResponse(3) Then
MsgBox .ResponseText
Else
MsgBox "Timed out after 3 seconds."
End If
End With
Set HTTPRequest = Nothing
End Sub
See Option Flags, scroll down to WINHTTP_OPTION_SECURE_PROTOCOLS. Also see WinHttpRequestOption enumeration.
Last edited by dilettante; Nov 17th, 2017 at 11:01 AM.
-
Nov 17th, 2017, 03:33 PM
#4
Thread Starter
Fanatic Member
Re: https vs http
I am using VB6 in Win 7 Pro. I added the lines of code suggested by Dilettante. Specifically
.Option(WinRequestOption_SecureProtocols) = SecureProtocol_ALL and
.Option(WinRequestOption_EnableRedirects) ] True
No luck. I get the same failure.
-
Nov 17th, 2017, 04:28 PM
#5
Thread Starter
Fanatic Member
Re: https vs http
In the previous post the ] should be =.
I also tried this on VMXP SP3. The results were the exact same. That is with and without Diletante's suggestions.
-
Nov 17th, 2017, 06:12 PM
#6
Fanatic Member
-
Nov 17th, 2017, 06:18 PM
#7
Thread Starter
Fanatic Member
Re: https vs http
IE11. In the internet options for IE11 I have SSL 2.0, SSL 3.0, TLS 1.0, TLS 2.0, ad TLS 1.2 turned on.
-
Nov 17th, 2017, 06:57 PM
#8
Fanatic Member
Re: https vs http
I actually are using MSINET.OCX, and the website I browse, works only if IE11 is installed, so modern WIN only. (Win Server 2008 RC2) is the minimun). Or Win7 SP2 if wrongfully using a server in a workstation windows.
Anyway.
IIRC there is no any "Option" to tweak using MSINET.OCX. It is full auto.
-
Nov 17th, 2017, 07:00 PM
#9
Fanatic Member
Re: https vs http
Anyway some website can prevent a bot from getting the correct data, by example: anti-bot policy.
But in MSINET is possible to CHEAT, and indetifies it in the HTTP header that it is just a normal Chrome browser. So removing the "MSINET v1.0" ID thing. (the identification tag that webserver sees).
-
Nov 17th, 2017, 09:30 PM
#10
Re: https vs http
What result do you see? Is there an error? Not the data you expect?
-
Nov 17th, 2017, 10:10 PM
#11
Thread Starter
Fanatic Member
Re: https vs http
The only I can produce is "Invalid procedure call or argument" Error number = 5.
It happens on the statement "If HttpRequest.WaitForResponse(5) then".
The code then jumps to my error handler.
-
Nov 17th, 2017, 10:13 PM
#12
Thread Starter
Fanatic Member
Re: https vs http
The same error is triggered if I use Dilettante's suggestion.
-
Nov 17th, 2017, 10:19 PM
#13
Re: https vs http
Well that suggests something else is going on unrelated to HTTPS at all. Without seeing more code I'm not sure how we can guess what may be going wrong.
-
Nov 18th, 2017, 10:24 AM
#14
Thread Starter
Fanatic Member
Re: https vs http
How do I copy the code into the reply? Whenever I try, either in 'quick rely' or 'go advanced' the code does not appear.
-
Nov 19th, 2017, 01:04 AM
#15
Re: https vs http
use the # button, paste your code between the tags
i do my best to test code works before i post it, but sometimes am unable to do so for some reason, and usually say so if this is the case.
Note code snippets posted are just that and do not include error handling that is required in real world applications, but avoid On Error Resume Next
dim all variables as required as often i have done so elsewhere in my code but only posted the relevant part
come back and mark your original post as resolved if your problem is fixed
pete
-
Nov 19th, 2017, 07:56 AM
#16
Thread Starter
Fanatic Member
Re: https vs http
That's what I've been doing and sometimes I get a popup asking me to allow the web page to access my clipboard. I respond 'Allow" and I get nothing.
-
Nov 19th, 2017, 12:06 PM
#17
Thread Starter
Fanatic Member
Re: https vs http
OK. So I fixed the problem. I don't know how or why. I just fixed it. Maybe you all can explain why and help others.
I followed Dilettante's suggestion and added to it. Since this site and/or my operating system will not let me copy and paste, I will type it out the hard way.
Dilettante's code:
Code:
.option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_ALL
.option(WinHttpRequestOption_EnableRedirects) = True
Additional code:
Code:
.option(WinHttpRequestOption_UseAgentString) = ="IE11"
.option(WinHttpRequestOption_EnableHttpsToHttpRedirects) = True
.option(WinHttpRequestOption_SslErrorIgnoreFlags) = 13056
Thanks to ALL
Last edited by AccessShell; Nov 19th, 2017 at 12:19 PM.
-
Nov 19th, 2017, 12:47 PM
#18
Re: [RESOLVED] https vs http
AS
Glad you got it fixed.
RE CODE tags
- surely you acknowledge that it is not the site .. see dilettante's post #3.
- I take it that in your post #17, you "deployed" the tags using the # button and then manually typed
- If so, it is a shame .. posting code is such a basic feature.
Spoo
-
Nov 19th, 2017, 04:22 PM
#19
Re: [RESOLVED] https vs http
You are better off using the defined const names instead of assigning a magic number.
Names values for WinHttpRequestOption_SslErrorIgnoreFlags include SslErrorFlag_CertCNInvalid, SslErrorFlag_CertDateInvalid, SslErrorFlag_CertWrongUsage, SslErrorFlag_Ignore_All, and SslErrorFlag_UnknownCA.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|