Okay, so most webservers now have TLS 1.0 and 1.1 disabled, which of course causes code to fail. Also the case for a classic ASP script using MSXML2.ServerXMLHTTP, so Google to the rescue and found this:
It was, surprisingly, easy to convert my existing code in the actual application to use WinHTTP, which appears to work properly enforcing TLS 1.2 on all calls from XP POSReady and Windows 10 (the OS’s where this application will be deployed).
While this isn’t an answer as to why POSReady and XMLServerHTTP calls try to use TLS 1.0 on the first call (despite the registry stating that’s not desirable), it is an acceptable workaround.
For others who may stumble upon this and are hesitant, converting my code was as simple as this:
Set XMLReceive = CreateObject("Msxml2.DOMDocument.6.0") Set XMLServer = CreateObject("Msxml2.ServerXMLHTTP.6.0") XMLServer.setTimeouts ResolveTimeoutMs, ConnectTimeoutMs, SendTimeoutMs, ReceiveTimeoutMs XMLServer.setRequestHeader "User-Agent", "My XML App V1.0" XMLServer.setRequestHeader "Content-type", "text/xml" XMLServer.Open "POST", Server_Address, False XMLServer.send (My_XML_Request_String_or_XML_Document) Failure = (XMLServer.Status <> 200) If Not Failure Then XMLReceive.loadXML (XMLServer.ResponseXML.XML)
to:
Set XMLServer = CreateObject("WinHttp.WinHttpRequest.5.1") Set XMLReceive = CreateObject("Msxml2.DOMDocument.6.0") XMLServer.setTimeouts ResolveTimeoutMs, ConnectTimeoutMs, SendTimeoutMs, ReceiveTimeoutMs 'force TLS 1.2 XMLServer.Option(9) = 2048 XMLServer.Option(6) = True XMLServer.Open "POST", Server_Address, False XMLServer.setRequestHeader "User-Agent", "My XML App V1.0" XMLServer.setRequestHeader "Content-type", "text/xml" XMLServer.send (My_XML_Request_String_or_XML_Document) Failure = (XMLServer.Status <> 200) If Not Failure Then XMLReceive.loadXML (XMLServer.ResponseText)
Good luck!
update july 2021: to be clear, the original link to the original discussion is here with even more details.
Thank you Montclair for providing the solution.