[DUG] Indy 10 SSL issue with TidHttpServer
Ross Levis
ross at stationplaylist.com
Thu Oct 25 17:18:49 NZDT 2018
> I have the latest version of the open ssl dlls in with the app.
This could be the issue. Indy only supports OpenSSL v1.0.x, not 1.1.x. Also ensure you are using the Win32 DLLs if you are compiling your app with the 32-bit compiler.
32-bit
https://slproweb.com/download/Win32OpenSSL_Light-1_0_2p.exe
64-bit
https://slproweb.com/download/Win64OpenSSL_Light-1_0_2p.exe
Ross.
-----Original Message-----
From: delphi-bounces at listserver.123.net.nz [mailto:delphi-bounces at listserver.123.net.nz] On Behalf Of Robert Martin
Sent: Thursday, 25 October 2018 4:47 p.m.
To: NZ Borland Developers Group - Delphi List
Subject: [DUG] Indy 10 SSL issue with TidHttpServer
Hi All
I am having trouble setting up an HttpServer with SSL support.
Everything works great for non Http but I just added SSL support and cannot get clients to access using SSL.
My code below
fIdHTTPServer := TIdHTTPServer.Create(nil);
fIdHTTPServer.Active := False;
fIdHTTPServer.DefaultPort := fSettings.PortNumber;
with fIdHTTPServer.Bindings.Add do begin
  IP := '127.0.0.1';
  Port := fSettings.PortNumber;
end;
fIdHTTPServer.AutoStartSession := True;
fIdHTTPServer.ListenQueue := 100;
fIdHTTPServer.MaximumHeaderLineCount := 2048;
fIdHTTPServer.ServerSoftware := 'TestHTTPServer/' + SYS_VERSION;
fIdHTTPServer.SessionState := True;
fIdHTTPServer.SessionTimeOut := SYS_SESSION_TIMEOUT_SEC * 1000;
//Setup for SSL
SetDllDirectory(PWideChar(ExtractFilePath(ParamStr(0)))); //This call disables SafeDllSearchMode which means the apps directory isn't searched first. Might fix issues with multiple different ssl dlls on some installs
fIdHTTPServer.OnQuerySSLPort := OnQuerySSLPort;
fSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
fSSLHandler.SSLOptions.SSLVersions := [sslvSSLv3, sslvSSLv2, sslvTLSv1];
fSSLHandler.SSLOptions.Mode := sslmServer;
fSSLHandler.SSLOptions.VerifyMode := [sslvrfPeer, sslvrfClientOnce];
fSSLHandler.SSLOptions.VerifyDepth := 10;
fIdHTTPServer.IOHandler := fSSLHandler;
and
procedure TCWFA_Server.OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  //Force SSL for all connections
  VUseSSL := True;
end;
The idea here is I only want to allow SSL connections. When vUseSSL =
true my idHttpClient app fails, trying to connect from a browser returns
'An error occurred during a connection to localhost:52123. Cannot
communicate securely with peer: no common encryption algorithm(s). Error
code: SSL_ERROR_NO_CYPHER_OVERLAP '
I have tried every ssl version combination I can think of and the
VerifyMode / VerifyDepth settings seem to make no difference. I have
the latest version of the open ssl dlls in with the app. Setting vUseSSL
:= False allows connection unless I try and force ssl from the browser
end by adding https:// to the call.
Any suggestions ?
Cheers
Rob
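To check the DLL version and bitness point from the reply on a given install, the following added example (not code from either poster or from the Indy project) asks Indy which OpenSSL libraries it actually loaded from the application directory. It assumes an Indy 10 build that exports IdOpenSSLSetLibPath, LoadOpenSSLLibrary, WhichFailedToLoad and OpenSSLVersion; the program name and the helper IsSupportedOpenSSL are hypothetical.

```delphi
program CheckIndyOpenSSL; // hypothetical name, added example

{$APPTYPE CONSOLE}

uses
  SysUtils,
  IdSSLOpenSSL,         // LoadOpenSSLLibrary, OpenSSLVersion
  IdSSLOpenSSLHeaders;  // IdOpenSSLSetLibPath, WhichFailedToLoad

// Hypothetical helper: True when the loaded library reports itself as
// a 1.0.x release, the only series the reply says Indy supports.
function IsSupportedOpenSSL(const ABanner: string): Boolean;
begin
  Result := Pos('OpenSSL 1.0.', ABanner) = 1;
end;

var
  LibDir, Banner: string;
begin
  // Pin the search to the application directory so a stray copy of the
  // DLLs elsewhere on the machine is not picked up instead.
  LibDir := ExtractFilePath(ParamStr(0));
  IdOpenSSLSetLibPath(LibDir);

  Writeln('Process bitness : ', SizeOf(Pointer) * 8, '-bit');
  Writeln('DLL directory   : ', LibDir);

  // A DLL built for the other bitness cannot be mapped into this
  // process, so a Win32/Win64 mismatch shows up here as a load failure.
  if not LoadOpenSSLLibrary then
  begin
    Writeln('OpenSSL did not load. Indy reports: ', WhichFailedToLoad);
    Halt(1);
  end;

  Banner := OpenSSLVersion;
  Writeln('Loaded library  : ', Banner);

  if IsSupportedOpenSSL(Banner) then
    Writeln('OK: 1.0.x library loaded.')
  else
  begin
    Writeln('Unsupported library series for Indy; install a 1.0.x build.');
    Halt(2);
  end;
end.
```

Build it with the same compiler target (32-bit or 64-bit) as the server application and run it from the server's own directory, so it resolves the same DLLs the server would.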