'WinHttpSetOption() failed set TLSv1.2 with error code ERROR_INTERNET_INCORRECT_HANDLE_TYPE

I am trying to set TLSv1.1 or v1.2 from C++ (Win) code using cpprest API calls as mentioned. But WinHttpSetOption() is failing with error ERROR_INTERNET_INCORRECT_HANDLE_TYPE (12018).

OS:Windows(7/8)

  1. Tried to set TLSv1.1 and TLS1.2 from registry setting did not work.
  2. Tried to get OpenSLL but opensll1.0.1(which supports TLS1.1 and more) is not available for windows.
  3. Tried to get other than native handle did not find API 
auto func = [&](web::http::client::native_handle handle){
    BOOL win32Result{ FALSE };
    DWORD secure_protocols{ WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1
        | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 };
    win32Result = ::WinHttpSetOption(handle,
        WINHTTP_OPTION_SECURE_PROTOCOLS,
        &secure_protocols,
        sizeof(secure_protocols));
    if (FALSE == win32Result) {
        std::cout << "Can not set TLS 1.1 or TLS 1.2." << std::endl;
        auto err = GetLastError();
        CString cstr;
        cstr.Format(_T("err = %d"),err);
        AfxMessageBox(cstr);
    }
};
config.set_validate_certificates(false);
config.set_nativehandle_options(func);

Please help me to set TLSv1.1 or v1.2 using C++ REST API. Or how to make WinHttpSetOption() successful.

c++windowsmfccpprest-sdk


Solution 1:[1]

Using WinHttpOpen we can get "session handle" which can be passed to WinHttpSetOption(). This resolve the error "ERROR_INTERNET_INCORRECT_HANDLE_TYPE ".

HINTERNET hSession = WinHttpOpen(L"<Application name>",
    WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
    WINHTTP_NO_PROXY_NAME,
    WINHTTP_NO_PROXY_BYPASS, 0);

Though i am setting the TLS version to 1.2/1.1. Still my "http_request" is using TLSv1.0 which is default in Windows 7/8.1.(This is can confirm using wireshark)

Can any one let me know why "http_request" still using TLS1.0.

Solution 2:[2]

Please try installing this update:

https://support.microsoft.com/en-gb/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392

"This update provides support for Transport Layer Security (TLS) 1.1 and TLS 1.2 in Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1."

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Sunandan Nandi
Solution 2 arun

Related Questions