[DUG] Indy 10 SSL issue with TidHttpServer

Robert Martin rob at chreos.co.nz
Thu Oct 25 16:47:16 NZDT 2018


Hi All

I am having trouble setting up an HttpServer with SSL support. 
Everything works great for non Http but I just added SSL support and 
cannot get clients to access using SSL.

My code below

     fIdHTTPServer := TIdHTTPServer.Create(nil);

     fIdHTTPServer.Active                    := False;
     fIdHTTPServer.DefaultPort               := fSettings.PortNumber;

     with fIdHTTPServer.Bindings.Add do begin
         IP      := '127.0.0.1';
         Port    := fSettings.PortNumber;
     end;

     fIdHTTPServer.AutoStartSession          := True;
     fIdHTTPServer.ListenQueue               := 100;
     fIdHTTPServer.MaximumHeaderLineCount    := 2048;
     fIdHTTPServer.ServerSoftware            := 'TestHTTPServer/' + SYS_VERSION;
     fIdHTTPServer.SessionState              := True;
     fIdHTTPServer.SessionTimeOut            := SYS_SESSION_TIMEOUT_SEC * 1000;

     //Setup for SSL
     //This call disables SafeDllSearchMode which means the apps directory isn't searched
     //first.  Might fix issues with multiple different ssl dlls on some installs
     SetDllDirectory(PWideChar(ExtractFilePath(ParamStr(0))));

     fIdHTTPServer.OnQuerySSLPort            := OnQuerySSLPort;



     fSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
     fSSLHandler.SSLOptions.SSLVersions  := [sslvSSLv3, sslvSSLv2, sslvTLSv1];
     fSSLHandler.SSLOptions.Mode         := sslmServer;
     fSSLHandler.SSLOptions.VerifyMode   := [sslvrfPeer, sslvrfClientOnce];
     fSSLHandler.SSLOptions.VerifyDepth  := 10;
     fIdHTTPServer.IOHandler             := fSSLHandler;


and

procedure TCWFA_Server.OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
     //Force SSL for all connections
     VUseSSL := True;
end;


The idea here is I only want to allow SSL connections.  When vUseSSL = 
true my idHttpClient app fails, trying to connect from a browser returns

'An error occurred during a connection to localhost:52123. Cannot 
communicate securely with peer: no common encryption algorithm(s). Error 
code: SSL_ERROR_NO_CYPHER_OVERLAP '

I have tried every ssl version combination I can think of and the 
VerifyMode / VerifyDepth settings seem to make no difference.  I have 
the latest version of the open ssl dlls in with the app. Setting vUseSSL 
:= False allows connection unless I try and force ssl from the browser 
end by adding https:// to the call.

Any suggestions ?



Cheers
Rob
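
Added example, not part of the original post: the handler setup above assigns no certificate or private key and enables only SSLv2, SSLv3 and TLS 1.0. The program below is a TLS-only TIdHTTPServer that loads both and allows only TLS 1.2; the file names, port 8443 and the THandlers class are assumptions, and it needs OpenSSL DLLs that Indy can load beside the executable.

```delphi
program TlsOnlyHttpServer; // added example, not the poster's code
{$APPTYPE CONSOLE}
uses
  IdGlobal, IdContext, IdCustomHTTPServer, IdHTTPServer, IdSSLOpenSSL;
type
  THandlers = class // hypothetical holder for the event handlers
    procedure QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
    procedure CommandGet(AContext: TIdContext;
      ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
  end;

procedure THandlers.QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  VUseSSL := True; // every bound port is TLS only, as in the post
end;

procedure THandlers.CommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  AResponseInfo.ContentText := 'ok';
end;

var
  H: THandlers;
  Server: TIdHTTPServer;
  SSL: TIdServerIOHandlerSSLOpenSSL;
begin
  H := THandlers.Create;
  Server := TIdHTTPServer.Create(nil);
  try
    SSL := TIdServerIOHandlerSSLOpenSSL.Create(Server); // freed with Server
    // Placeholder file names: PEM certificate and unencrypted PEM private key.
    SSL.SSLOptions.CertFile := 'server-cert.pem';
    SSL.SSLOptions.KeyFile := 'server-key.pem';
    SSL.SSLOptions.Mode := sslmServer;
    SSL.SSLOptions.SSLVersions := [sslvTLSv1_2]; // no SSLv2/SSLv3/TLS 1.0
    SSL.SSLOptions.VerifyMode := []; // do not request client certificates
    Server.IOHandler := SSL;
    Server.OnQuerySSLPort := H.QuerySSLPort;
    Server.OnCommandGet := H.CommandGet;
    with Server.Bindings.Add do begin IP := '127.0.0.1'; Port := 8443; end;
    Server.Active := True;
    Writeln('Serving https://127.0.0.1:8443/ - press Enter to stop');
    Readln;
  finally
    Server.Free; // deactivates the listener and frees the SSL handler
    H.Free;
  end;
end.
```

With no certificate and key loaded, the OpenSSL server side has no certificate-based cipher suites to offer, which a browser reports as having no cipher in common.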



