I have a VBScript program that retrieves a web page from a server not under my control. The URL looks something like https://someserver.xxx/index.html. I use this code to create the object that does the page getting:

Set objWinHttp = CreateObject("WinHttp.WinHttpRequest.5.1")

When I wrote my program it had no problem retrieving this page. Recently, the web server serving this page went through an upgrade. Now my program can no longer fetch the page.

Some clues:

Clue 1. I can fetch the web page if I use a browser (I tried Firefox, IE, and Chrome).

Clue 2. The VBScript code yields this error:

The message received was unexpected or badly formatted.

Clue 3. I can fetch the web page from the command line in certain cases but not in others:

curl --sslv3 -v -k 'https://someserver.xxx/index.html' # WORKS!
curl --sslv2 -v -k 'https://someserver.xxx/index.html' # WORKS!
curl -v -k 'https://someserver.xxx/index.html'         # FAILS
curl --tlsv1 -v -k 'https://someserver.xxx/index.html' # FAILS

In the case where I do not specify a protocol I get this error:

* SSLv3, TLS handshake, Client hello (1):
* error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter
* Closing connection #0

In the case where I specify --tlsv1 I get this error:

* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Server hello (2):
* error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
* Closing connection #0

A. Does anyone have any suggestions or ideas on what might be going on at the web server end (I am unable to talk to the admins of the web server to find out what they changed).

B. Is there a way I can change my VBScript code to work around this issue? Can the SSL version be forced?