I have a Django-Python server with a VBA front end connecting using WinHTTP and a REST API. So, in this case the requests sent and received are controlled by us and predetermined.
A while ago, when our servers were updated to TLS from SSL, we had a lot of users facing a "connection terminated abnormally" error when using VBA WinHTTP and REST APIs. We used the existing Microsoft article to update machines of users on Windows 7 and the problem was resolved. More recently, I have had a few cases of the same error where the patch/update has been applied before or its application did not fix the issue.
I don't see their incoming traffic on our server log at all (some are using proxy servers), but even the proxy server IP is not there.
I am trying to find out where to look or what else can cause this issue so I can track it down. Any idea/suggestion is appreciated.
Source: Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows
This is for reference for future visitors with a similar issue:
I have been facing the issue of TLS on Windows 7 clients for a while and did one round of fixing based on the Microsoft article summarized below:
Step 1. Get Microsoft Update KB3140245: Download the relevant (32-bit or 64-bit, per the user's Windows version) Microsoft Security Protocol Update and install it if not already installed.
Step 2. Download Microsoft Easy Fix: Download Microsoft “Easy Fix” from Microsoft Support Article, and execute to set TLS 1.1+ as default.
However, later on, I had another round of similar issues, which made me realize the fix tool on the Microsoft page will not set all the registry keys (it misses the SChannel registry keys). So, I managed to put some scripts together to allow the full fix by setting both Internet Options and SChannel. The SChannel registry keys for TLS 1.1/1.2 need to be added to enable TLS by default for WinHTTP.
WinHttp Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
==> DWORD DefaultSecureProtocols=0x00000A00 (32-bits and 64-bits)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
==> DWORD DefaultSecureProtocols=0x00000A00 (64-bits)
SCHANNEL Keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
==> DWORD DisabledByDefault=0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
==> DWORD DisabledByDefault=0x00000000
Comprehensive Fix: The Microsoft patch does not fix all the registry entries to update WinHTTP defaults and skips over SChannel entries. So, if the two-step fix above did not resolve the issue, this GitHub project contains PowerShell scripts to download and apply all the required registry modifications listed above and might be helpful for a more comprehensive one-shot fix: Winttp-TLS
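
A check for the four registry values listed above, as an added example that is not part of the original answer and is not the script from the linked GitHub project. It is written to run on PowerShell 2.0 (the Windows 7 default); the `-Fix` switch and the helper `Get-RegValue` are names chosen here, and the bit meanings of `DefaultSecureProtocols` are those documented in the Microsoft article.

```powershell
# Added example, not the linked project's script. PowerShell 2.0 compatible (Windows 7).
# Audits the WinHTTP and SChannel values listed above; -Fix (a name chosen here)
# also writes them and therefore needs an elevated prompt.
param([switch]$Fix)

$inet = 'Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$sch  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$targets = @(
    @{ Path = "HKLM:\SOFTWARE\$inet";             Name = 'DefaultSecureProtocols'; Want = 0xA00 },
    @{ Path = "HKLM:\SOFTWARE\Wow6432Node\$inet"; Name = 'DefaultSecureProtocols'; Want = 0xA00 },
    @{ Path = "$sch\TLS 1.1\Client";              Name = 'DisabledByDefault';      Want = 0 },
    @{ Path = "$sch\TLS 1.2\Client";              Name = 'DisabledByDefault';      Want = 0 }
)
# DefaultSecureProtocols is a bit mask; 0xA00 = TLS 1.1 (0x200) + TLS 1.2 (0x800)
$bits = @( @(0x08,'SSL 2.0'), @(0x20,'SSL 3.0'), @(0x80,'TLS 1.0'), @(0x200,'TLS 1.1'), @(0x800,'TLS 1.2') )

function Get-RegValue($Path, $Name) {
    # $null when either the key or the value does not exist
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name } else { $null }
}

$kb = Get-HotFix -Id KB3140245 -ErrorAction SilentlyContinue
"KB3140245 listed by Get-HotFix: $([bool]$kb)"

foreach ($t in $targets) {
    # Wow6432Node only exists on 64-bit Windows
    if ($t.Path -like '*Wow6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\Wow6432Node')) { continue }
    $cur = Get-RegValue $t.Path $t.Name
    if (($cur -eq $null -or $cur -ne $t.Want) -and $Fix) {
        if (-not (Test-Path $t.Path)) { New-Item -Path $t.Path -Force | Out-Null }
        New-ItemProperty -Path $t.Path -Name $t.Name -Value $t.Want -PropertyType DWord -Force | Out-Null
        $cur = Get-RegValue $t.Path $t.Name
    }
    $state = 'MISSING'; $shown = '<not set>'; $note = ''
    if ($cur -ne $null) {
        $shown = '0x{0:X8}' -f $cur
        if ($cur -eq $t.Want) { $state = 'OK' } else { $state = 'DIFFERS' }
        if ($t.Name -eq 'DefaultSecureProtocols') {
            # Decode which protocol bits the current mask enables
            $on = $bits | Where-Object { $cur -band $_[0] } | ForEach-Object { $_[1] }
            $note = '(' + ($on -join ', ') + ')'
        }
    }
    '{0,-8} {1}\{2} = {3} {4}' -f $state, $t.Path, $t.Name, $shown, $note
}
```

Run without arguments it only reads the registry, so it can be handed to an affected user to report which of the four values the Easy Fix left unset.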