[DUG] Indy 10 SSL issue with TidHttpServer

Robert Martin rob at chreos.co.nz
Fri Oct 26 08:50:34 NZDT 2018


Hi Ross

I am using the 32bit 1.0.2p as listed.  I was using an older version but 
upgraded to make sure that wasn't the issue.  I am sure it's just an 
Indy setting I have missed but not sure what :)

Cheers
Rob

On 25/10/2018 5:18 PM, Ross Levis wrote:
>> I have the latest version of the open ssl dlls in with the app.
> This could be the issue.  Indy only supports OpenSSL v1.0.x, not 1.1.x.  Also ensure you are using the Win32 DLLs if you are compiling your app with the 32-bit compiler.
>
> 32-bit
> https://slproweb.com/download/Win32OpenSSL_Light-1_0_2p.exe
>
> 64-bit
> https://slproweb.com/download/Win64OpenSSL_Light-1_0_2p.exe
>
> Ross.
>
> -----Original Message-----
> From: delphi-bounces at listserver.123.net.nz [mailto:delphi-bounces at listserver.123.net.nz] On Behalf Of Robert Martin
> Sent: Thursday, 25 October 2018 4:47 p.m.
> To: NZ Borland Developers Group - Delphi List
> Subject: [DUG] Indy 10 SSL issue with TidHttpServer
>
> Hi All
>
> I am having trouble setting up an HttpServer with SSL support.
> Everything works great for non Http but I just added SSL support and cannot get clients to access using SSL.
>
> My code below
>
>       fIdHTTPServer := TIdHTTPServer.Create(nil);
>
>       fIdHTTPServer.Active                    := False;
>       fIdHTTPServer.DefaultPort               := fSettings.PortNumber;
>
>       with fIdHTTPServer.Bindings.Add do begin
>           IP      := '127.0.0.1';
>           Port    := fSettings.PortNumber;
>       end;
>
>       fIdHTTPServer.AutoStartSession          := True;
>       fIdHTTPServer.ListenQueue               := 100;
>       fIdHTTPServer.MaximumHeaderLineCount    := 2048;
>       fIdHTTPServer.ServerSoftware            := 'TestHTTPServer/' + SYS_VERSION;
>       fIdHTTPServer.SessionState              := True;
>       fIdHTTPServer.SessionTimeOut            := SYS_SESSION_TIMEOUT_SEC * 1000;
>
>       //Setup for SSL
>       SetDllDirectory(PWideChar(ExtractFilePath(ParamStr(0)))); //This call disables SafeDllSearchMode which means the apps directory isn't searched first.  Might fix issues with multiple different ssl dlls on some installs
>
>       fIdHTTPServer.OnQuerySSLPort            := OnQuerySSLPort;
>
>
>
>       fSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
>       fSSLHandler.SSLOptions.SSLVersions  := [sslvSSLv3, sslvSSLv2, sslvTLSv1];
>       fSSLHandler.SSLOptions.Mode         := sslmServer;
>       fSSLHandler.SSLOptions.VerifyMode   := [sslvrfPeer, sslvrfClientOnce];
>       fSSLHandler.SSLOptions.VerifyDepth  := 10;
>       fIdHTTPServer.IOHandler             := fSSLHandler;
>
>
> and
>
> procedure TCWFA_Server.OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
> begin
>       //Force SSL for all connections
>       VUseSSL := True;
> end;
>
>
> The idea here is I only want to allow SSL connections.  When vUseSSL =
> true my idHttpClient app fails, trying to connect from a browser returns
>
> 'An error occurred during a connection to localhost:52123. Cannot
> communicate securely with peer: no common encryption algorithm(s). Error
> code: SSL_ERROR_NO_CYPHER_OVERLAP '
>
> I have tried every ssl version combination I can think of and the
> VerifyMode / VerifyDepth settings seem to make no difference.  I have
> the latest version of the open ssl dlls in with the app. Setting vUseSSL
> := False allows connection unless I try and force ssl from the browser
> end by adding https:// to the call.
>
> Any suggestions ?
>
>
>
> Cheers
> Rob
>
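The handler in the quoted code sets no certificate or key and enables only SSLv2, SSLv3 and TLS 1.0; an OpenSSL server with no certificate loaded can offer only anonymous cipher suites, which browsers do not accept, and that is a common cause of the "no common encryption algorithm(s)" error. The following is an added example, not code from this thread and not confirmed by it as the fix: a minimal Indy 10 HTTPS server with a certificate, TLS 1.2 only and no client-certificate request. The file names server-cert.pem and server-key.pem, the TServerEvents class and the unencrypted key file are assumptions.

```delphi
program SslServerExample;
{$APPTYPE CONSOLE}
uses
  SysUtils, IdGlobal, IdContext, IdCustomHTTPServer, IdHTTPServer, IdSSLOpenSSL;

type
  // Hypothetical holder for the event handlers (Indy events are "of object").
  TServerEvents = class
    procedure QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
    procedure CommandGet(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo;
      AResponseInfo: TIdHTTPResponseInfo);
  end;

procedure TServerEvents.QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  VUseSSL := True; // every bound port speaks TLS only
end;

procedure TServerEvents.CommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  AResponseInfo.ContentText := 'ok over TLS';
end;

var
  Events: TServerEvents;
  Server: TIdHTTPServer;
  SSL: TIdServerIOHandlerSSLOpenSSL;
  AppDir: string;
begin
  AppDir := ExtractFilePath(ParamStr(0));
  Events := TServerEvents.Create;
  Server := TIdHTTPServer.Create(nil);
  SSL := TIdServerIOHandlerSSLOpenSSL.Create(Server); // owned and freed by Server
  try
    SSL.SSLOptions.Mode := sslmServer;
    // Weak setting from the thread: [sslvSSLv3, sslvSSLv2, sslvTLSv1]
    SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
    // Without these two files the server has no certificate to present.
    SSL.SSLOptions.CertFile := AppDir + 'server-cert.pem'; // assumed file name
    SSL.SSLOptions.KeyFile := AppDir + 'server-key.pem';   // assumed, unencrypted key
    SSL.SSLOptions.VerifyMode := []; // do not request a client certificate
    Server.IOHandler := SSL;
    Server.OnQuerySSLPort := Events.QuerySSLPort;
    Server.OnCommandGet := Events.CommandGet;
    with Server.Bindings.Add do begin IP := '127.0.0.1'; Port := 52123; end;
    Server.Active := True;
    Readln; // serve until Enter is pressed
  finally
    Server.Free;
    Events.Free;
  end;
end.
```

If the private key is passphrase-protected, the handler's OnGetPassword event must supply the passphrase before the server is activated.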


