获取Paypal响应TLS 1.2 .Net Framework 4.0

Question

We have a website that uses .Net Framework 4.0 and IIS 7. After the lasts updates of Paypal our IPN handler is not working any more. We had this error: The request was aborted: Could not create SSL/TLS secure channel sandbox account So as we are using .Net Framework 4.0 We added the next line:

ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // SecurityProtocolType.Tls12

Now we have another error: The underlying connection was closed: An unexpected error occurred on a send.

The class that handles the response is based in this example: https://mvcsamples.svn.codeplex.com/svn/trunk/Kona.Web/Controllers/PayPalController.cs

After adding the before line now looks like this:

private string GetPayPalResponse(Dictionary<string, string> formVals, bool useSandbox)
{
        string paypalUrl = useSandbox ? "https://www.sandbox.paypal.com/cgi-bin/webscr"
            : "https://www.paypal.com/cgi-bin/webscr";

        ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; // SecurityProtocolType.Tls12

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(paypalUrl);

        // Set values for the request back
        req.Method = "POST";
        req.ContentType = "application/x-www-form-urlencoded";

        byte[] param = Request.BinaryRead(Request.ContentLength);
        string strRequest = Encoding.ASCII.GetString(param);

        StringBuilder sb = new StringBuilder();
        sb.Append(strRequest);

        foreach (string key in formVals.Keys)
        {
            sb.AppendFormat("&{0}={1}", key, formVals[key]);
        }
        strRequest += sb.ToString();
        req.ContentLength = strRequest.Length;

        //for proxy
        //WebProxy proxy = new WebProxy(new Uri("http://urlort#");
        //req.Proxy = proxy;
        //Send the request to PayPal and get the response
        string response = "";
        using (StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII)) 
        {
            streamOut.Write(strRequest);
            streamOut.Close(); linea = 10;
            using (StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream()))
            {
                response = streamIn.ReadToEnd();
            }
        }
        return response;
 }

The exception is raised in this line:

using (StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII))

We are not sure if we could make Paypal work with .NET Framework 4.0. There is said that is possible using the line we added. But is not working. Maybe there are more changes needed to be done in the code or in the IS 7. But we couldn't find examples.

Thank you for the help.

EDIT:

I almost forgot to mention that the project is developed using Visual Studio 2010. Where there's not the .NET Framework 4.5.

EDIT 2:

I investigated the issue and I found that our server Windows Server 2008 didn't support TLS 1.2 (look at the table): https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/ But after that I found a new update of this year 2016 for all versions of SQL Server. https://blogs.msdn.microsoft.com/sqlreleaseservices/tls-1-2-support-for-sql-server-2008-2008-r2-2012-and-2014/ http://blogs.sqlsentry.com/aaronbertrand/tls-1-2-support-read-first/

But at the end my boss for some reasons decided not to update the server using the new update or using the register method.

So I can't prove any solution tosolve the problem. Sorry for the trouble.

Answer 1

I recently ran into a similar problem with Salesforce. They are disabling Tls 1.0 support.

If you upgrade to .net 4.5, you can just add this code before you call

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

If you can't upgrade to .net 4.5, you can set some registry values. Here's the info from https://help.salesforce.com/apex/HTViewSolution?id=000221207

.NET 4.0 does not enable TLS 1.2 by default. To enable TLS 1.2 by default, it is possible to set the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft.NETFramework\\v4.0.30319" and "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft.NETFramework\\v4.0.30319". Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. We recommend testing this change before deploying it to your production servers. This is also available as a registry import file. These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value.