dcsimg
Results 1 to 19 of 19

Thread: [RESOLVED] https vs http

  1. #1

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Resolved [RESOLVED] https vs http

    I am using VB6 on a Win7 Pro operating system. I have a program that goes after some data on the internet. I am using the reference 'Microsoft WinHttp Services, version 5.1'. Everything worked fine until yesterday. The format of the page on the internet has not changed. But part of the address has changed. Instead of starting with http it now starts with https. My old favorite in IE11 still has the http in the address and it still gets he correct web page.

    I am not sure how to correct the problem!

    Any help would be appreciated.

    Thank

  2. #2
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    782

    Re: https vs http

    First, newer HTTPS protocol revision = force it has installed IE11 forcefully. Don't work with any previous IE.

    This rule was about the security bugfix which changes the https protocol. Not all HTTPs websites uses the latest revision. But NEW just changed to HTtPS protocol will use the latest revision.

    and that it is.

    the symptoms of this, the app if observer ChangeState, it try to connect 3 times and then returns error. If using the MSINET by example. But is the same.

  3. #3
    PowerPoster
    Join Date
    Feb 2006
    Posts
    20,843

    Re: https vs http

    Many sites have switched from using HTTP to secure HTTPS as a general policy. In some cases they'll do it because Google and others lowered page rankings or dropped them altogether for HTTP URLs.

    Some sites will assist users with old shortcuts by keeping their HTTP URLs active with a redirect to the moved page at the new HTTPS URL.

    Browsers normally follow redirects silently. WinInet also does so, being part of IE. WinHttp also does this by default, but if you have turned WinHttpRequestOption_EnableRedirects off then it will not. This seems unlikely.

    Another issue is that not very long ago many sites stopped using an old SSL/TLS cipher suite because it was insecure. Microsoft has updated many versions of Windows with the new ciphers and changed the defaults in IE/WinInet and WinHttp to use them. Windows XP is a dead OS, but the security issue was severe enough and the impact of its "fix" so broad that a patch was produced for XP as well, but you might not get it unless you manually download and install it on XP.

    But see Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows:

    Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. This is because the definition of this flag doesn't include these applications and services.

    This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used.

    This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.

    This is the case for some Microsoft Office applications when they open documents from a SharePoint library or a Web Folder, IP-HTTPS tunnels for DirectAccess connectivity, and other applications by using technologies such as WebClient by using WebDav, WinRM, and others.

    This update will not change the behavior of applications that are manually setting the secure protocols instead of pass the default flag.
    Most likely you are letting the option default. If so then which cipher suites get used can depend on the current default behavior in the version of Windows you are running on, and whether or not the new DefaultSecureProtocols registry entry has been added and what value it has.

    If the new protocol ciphers have been selected by default and your targeted site is still using old SSL/TLS then you will fail.


    If any of that fits your scenario then the most simple fix might be something like:

    Code:
    Option Explicit
    '
    'Reference to: Microsoft WinHTTP Services, version 5.1
    '
    'Requires Windows Vista, Windows XP SP1, or Windows 2000
    'Professional SP3 and later.
    '
    
    Private Sub Main()
        Dim HTTPRequest As WinHttp.WinHttpRequest
    
        Set HTTPRequest = New WinHttp.WinHttpRequest
        With HTTPRequest
            .Open "GET", "http://www.google.com/", True
            .Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_ALL
            .Option(WinHttpRequestOption_EnableRedirects) = True
            .Send
            If .WaitForResponse(3) Then
                MsgBox .ResponseText
            Else
                MsgBox "Timed out after 3 seconds."
            End If
        End With
        Set HTTPRequest = Nothing
    End Sub
    See Option Flags, scroll down to WINHTTP_OPTION_SECURE_PROTOCOLS. Also see WinHttpRequestOption enumeration.
    Last edited by dilettante; Nov 17th, 2017 at 11:01 AM.

  4. #4

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    I am using VB6 in Win 7 Pro. I added the lines of code suggested by Dilettante. Specifically
    .Option(WinRequestOption_SecureProtocols) = SecureProtocol_ALL and
    .Option(WinRequestOption_EnableRedirects) ] True

    No luck. I get the same failure.

  5. #5

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    In the previous post the ] should be =.

    I also tried this on VMXP SP3. The results were the exact same. That is with and without Diletante's suggestions.

  6. #6
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    782

    Re: https vs http

    IE11 or older?

  7. #7

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    IE11. In the internet options for IE11 I have SSL 2.0, SSL 3.0, TLS 1.0, TLS 2.0, ad TLS 1.2 turned on.

  8. #8
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    782

    Re: https vs http

    I actually are using MSINET.OCX, and the website I browse, works only if IE11 is installed, so modern WIN only. (Win Server 2008 RC2) is the minimun). Or Win7 SP2 if wrongfully using a server in a workstation windows.

    Anyway.

    IIRC there is no any "Option" to tweak using MSINET.OCX. It is full auto.

  9. #9
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    782

    Re: https vs http

    Anyway some website can prevent a bot from getting the correct data, by example: anti-bot policy.

    But in MSINET is possible to CHEAT, and indetifies it in the HTTP header that it is just a normal Chrome browser. So removing the "MSINET v1.0" ID thing. (the identification tag that webserver sees).

  10. #10
    PowerPoster
    Join Date
    Feb 2006
    Posts
    20,843

    Re: https vs http

    What result do you see? Is there an error? Not the data you expect?

  11. #11

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    The only I can produce is "Invalid procedure call or argument" Error number = 5.
    It happens on the statement "If HttpRequest.WaitForResponse(5) then".
    The code then jumps to my error handler.

  12. #12

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    The same error is triggered if I use Dilettante's suggestion.

  13. #13
    PowerPoster
    Join Date
    Feb 2006
    Posts
    20,843

    Re: https vs http

    Well that suggests something else is going on unrelated to HTTPS at all. Without seeing more code I'm not sure how we can guess what may be going wrong.

  14. #14

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    How do I copy the code into the reply? Whenever I try, either in 'quick rely' or 'go advanced' the code does not appear.

  15. #15
    PowerPoster
    Join Date
    Dec 2004
    Posts
    24,710

    Re: https vs http

    use the # button, paste your code between the tags
    i do my best to test code works before i post it, but sometimes am unable to do so for some reason, and usually say so if this is the case.
    Note code snippets posted are just that and do not include error handling that is required in real world applications, but avoid On Error Resume Next

    dim all variables as required as often i have done so elsewhere in my code but only posted the relevant part

    come back and mark your original post as resolved if your problem is fixed
    pete

  16. #16

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    That's what I've been doing and sometimes I get a popup asking me to allow the web page to access my clipboard. I respond 'Allow" and I get nothing.

  17. #17

    Thread Starter
    Addicted Member AccessShell's Avatar
    Join Date
    Oct 2013
    Posts
    241

    Re: https vs http

    OK. So I fixed the problem. I don't know how or why. I just fixed it. Maybe you all can explain why and help others.
    I followed Dilettante's suggestion and added to it. Since this site and/or my operating system will not let me copy and paste, I will type it out the hard way.
    Dilettante's code:
    Code:
        .option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_ALL
        .option(WinHttpRequestOption_EnableRedirects) = True
    Additional code:
    Code:
        .option(WinHttpRequestOption_UseAgentString) = ="IE11"
        .option(WinHttpRequestOption_EnableHttpsToHttpRedirects) = True
        .option(WinHttpRequestOption_SslErrorIgnoreFlags) = 13056
    Thanks to ALL
    Last edited by AccessShell; Nov 19th, 2017 at 12:19 PM.

  18. #18
    Fanatic Member Spooman's Avatar
    Join Date
    Mar 2017
    Posts
    869

    Re: [RESOLVED] https vs http

    AS

    Glad you got it fixed.

    RE CODE tags
    • surely you acknowledge that it is not the site .. see dilettante's post #3.
    • I take it that in your post #17, you "deployed" the tags using the # button and then manually typed
    • If so, it is a shame .. posting code is such a basic feature.


    Spoo

  19. #19
    PowerPoster
    Join Date
    Feb 2006
    Posts
    20,843

    Re: [RESOLVED] https vs http

    You are better off using the defined const names instead of assigning a magic number.

    Names values for WinHttpRequestOption_SslErrorIgnoreFlags include SslErrorFlag_CertCNInvalid, SslErrorFlag_CertDateInvalid, SslErrorFlag_CertWrongUsage, SslErrorFlag_Ignore_All, and SslErrorFlag_UnknownCA.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width