I use a service that recently updated to TLS 1.2, so, I update the proyecto to use use URLConnection for the POST, It is working on windows 10, but in windows 7 I get this error:
[code]RuntimeException
Exception Message: Security Error
Exception Error: Number 12175[/code]
The documentation has no info about requisites for running on windows 7, URLConnection — Xojo documentation
Any thoughts on how to use URLConnection with TLS 1.2 in windows 7?
Wininet.h gives this for the error code 12175:
More info:
https://docs.microsoft.com/nl-nl/windows/desktop/WinInet/content-encoding
Probably the Content-Type is not correct or the encoding itself (the www usually wants/uses UTF-8)
I think it is this one:
[code]ERROR_WINHTTP_SECURE_FAILURE
12175
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function. For more information, see WINHTTP_STATUS_CALLBACK.[/code]
https://docs.microsoft.com/en-us/windows/desktop/winhttp/error-messages
Probably the certificate is expired ?
You can try this: http://documentation.xojo.com/api/networking/urlconnection.html#urlconnection-allowcertificatevalidation
Set it to False (Use with care!) to see if the request works, then set it to True for production again.
[quote=433068:@Derk Jochems]Probably the certificate is expired ?
You can try this: http://documentation.xojo.com/api/networking/urlconnection.html#urlconnection-allowcertificatevalidation
Set it to False (Use with care!) to see if the request works, then set it to True for production again.[/quote]
Any problem with the certificate, should cause problems in all platforms, not just Windows 7, It is worrnking Ok on Windows 8 And Windows 10
TLSv1.2 is not enabled on Windows 7 by default. You’ll have to do that yourself… Looking up how to do that.
Control Panel > Internet Options > Advanced > Security > Use TLS 1.2.
[quote=433089:@Greg O’Lone]TLSv1.2 is not enabled on Windows 7 by default. You’ll have to do that yourself… Looking up how to do that.
Control Panel > Internet Options > Advanced > Security > Use TLS 1.2.[/quote]
This option wasn’t there. It was Windows 7 SP1, but was not updated.
Found it, Windows 7 need the kb3140245:
In this page it is a link to the Windows Catalog,
Download and install the kb3140245
Also, in that page, it is a link to a “Easy fix”, Download and run it
Restart.
This could be a good addition to the documentation
[quote=433089:@Greg O’Lone]TLSv1.2 is not enabled on Windows 7 by default. You’ll have to do that yourself… Looking up how to do that.
Control Panel > Internet Options > Advanced > Security > Use TLS 1.2.[/quote]
I recall William saying this wasnt necessary with URLConnection.
When I switched to URLConnection a few weeks ago, I found I was easier to add the two registry keys mentioned in the MS support KB to my Innosetup script instead of having Windows 7 users change their own system. That seems to have done the trick.
I had more luck downloading the KB files and having my IS script run them post-install. When I tried just doing the registry thing, Id sometimes still have users with issues.
Edit: for Xojo.Net.HTTPSocket
The two registry keys only works IF the kb3140245 is installed AND even then, some windows 7 may need more registry changes, the “Easy fix” tool makes all the changes . For a Innosetup, you can run those two in silent mode.
Me too, maybe they tested only in a full updated windows 7Sp1
Thanks! To be extra safe I’ll install the “Easy Fix” tool. You mention you can run “those two in silent mode”. Are there two “Easy Fix” tools? I only see one in that KB and just want to make sure I’m not missing something. 
You can see how I do it here: Beacon/Installers/Windows at master · thommcgrath/Beacon · GitHub
The KB files (one for 32 and one for 64 bit) are in the Files folder. Inno runs them at the end in the [Run] section.
Edit: Just reviewing my code and I made it much more complicated by using actual code to check for the necessity of the KB first. Definitely worth a look.
Thanks @Thom McGrath ! I’ll do it that way. 
By them, I meant the KB update installer and the “Easy fix” tool.
Great example, but, you are also editing the registry manually. Today I deploy the new URLConnection version of my app on many Windows 7 Machine. In most of them worked As Is, on some, worked editing the registry, but on 2, didn’t work until runing the “easy fix”.
Yes youre right. I remember trying just one or the other, but found doing both necessary for best coverage.