[DUG] Indy 10 SSL issue with TidHttpServer
Robert Martin
rob at chreos.co.nz
Fri Oct 26 16:53:22 NZDT 2018
Hi
FYI I worked out the issue and have it all working fine now. I am
ashamed to admit that I forgot to assign the certificate at the server end.
Thanks
Rob
On 26/10/2018 8:50 AM, Robert Martin wrote:
> Hi Ross
>
> I am using the 32bit 1.0.2p as listed. I was using an older version but
> upgraded to make sure that wasn't the issue. I am sure it's just an
> Indy setting I have missed but not sure what :)
>
> Cheers
> Rob
>
> On 25/10/2018 5:18 PM, Ross Levis wrote:
>>> I have the latest version of the open ssl dlls in with the app.
>> This could be the issue. Indy only supports OpenSSL v1.0.x, not 1.1.x. Also ensure you are using the Win32 DLLs if you are compiling your app with the 32-bit compiler.
>>
>> 32-bit
>> https://slproweb.com/download/Win32OpenSSL_Light-1_0_2p.exe
>>
>> 64-bit
>> https://slproweb.com/download/Win64OpenSSL_Light-1_0_2p.exe
>>
>> Ross.
>>
>> -----Original Message-----
>> From: delphi-bounces at listserver.123.net.nz [mailto:delphi-bounces at listserver.123.net.nz] On Behalf Of Robert Martin
>> Sent: Thursday, 25 October 2018 4:47 p.m.
>> To: NZ Borland Developers Group - Delphi List
>> Subject: [DUG] Indy 10 SSL issue with TidHttpServer
>>
>> Hi All
>>
>> I am having trouble setting up an HttpServer with SSL support.
>> Everything works great for non Http but I just added SSL support and cannot get clients to access using SSL.
>>
>> My code below
>>
>> fIdHTTPServer := TIdHTTPServer.Create(nil);
>>
>> fIdHTTPServer.Active := False;
>> fIdHTTPServer.DefaultPort := fSettings.PortNumber;
>>
>> with fIdHTTPServer.Bindings.Add do begin
>>   IP := '127.0.0.1';
>>   Port := fSettings.PortNumber;
>> end;
>>
>> fIdHTTPServer.AutoStartSession := True;
>> fIdHTTPServer.ListenQueue := 100;
>> fIdHTTPServer.MaximumHeaderLineCount := 2048;
>> fIdHTTPServer.ServerSoftware := 'TestHTTPServer/' + SYS_VERSION;
>> fIdHTTPServer.SessionState := True;
>> fIdHTTPServer.SessionTimeOut := SYS_SESSION_TIMEOUT_SEC * 1000;
>>
>> //Setup for SSL
>> SetDllDirectory(PWideChar(ExtractFilePath(ParamStr(0)))); //This call disables SafeDllSearchMode which means the apps directory isn't searched first. Might fix issues with multiple different ssl dlls on some installs
>>
>> fIdHTTPServer.OnQuerySSLPort := OnQuerySSLPort;
>>
>>
>>
>> fSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
>> fSSLHandler.SSLOptions.SSLVersions := [sslvSSLv3, sslvSSLv2, sslvTLSv1];
>> fSSLHandler.SSLOptions.Mode := sslmServer;
>> fSSLHandler.SSLOptions.VerifyMode := [sslvrfPeer, sslvrfClientOnce];
>> fSSLHandler.SSLOptions.VerifyDepth := 10;
>> fIdHTTPServer.IOHandler := fSSLHandler;
>>
>>
>> and
>>
>> procedure TCWFA_Server.OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
>> begin
>> //Force SSL for all connections
>> VUseSSL := True;
>> end;
>>
>>
>> The idea here is I only want to allow SSL connections. When vUseSSL =
>> true my idHttpClient app fails, trying to connect from a browser returns
>>
>> 'An error occurred during a connection to localhost:52123. Cannot
>> communicate securely with peer: no common encryption algorithm(s). Error
>> code: SSL_ERROR_NO_CYPHER_OVERLAP '
>>
>> I have tried every ssl version combination I can think of and the
>> VerifyMode / VerifyDepth settings seem to make no difference. I have
>> the latest version of the open ssl dlls in with the app. Setting vUseSSL
>> := False allows connection unless I try and force ssl from the browser
>> end by adding https:// to the call.
>>
>> Any suggestions ?
>>
>>
>>
>> Cheers
>> Rob
>>
>>
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at listserver.123.net.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at listserver.123.net.nz with Subject: unsubscribe
>>
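The fix reported at the top of the thread, as an added example that is not code from the thread: an HTTPS-only TIdHTTPServer whose SSL handler has a certificate and key assigned and refuses to start if either file is missing. A server with no certificate has no cipher suite a browser will accept, which is what SSL_ERROR_NO_CYPHER_OVERLAP reports. Assumptions of this example: the file names server.crt and server.key, an unencrypted PEM key, an Indy build that defines sslvTLSv1_1 and sslvTLSv1_2, and the choice of TLS-only versions with no client-certificate request.

```delphi
program HttpsOnlyServer; // added example; file names below are assumptions
{$APPTYPE CONSOLE}
uses
  SysUtils, IdGlobal, IdContext, IdCustomHTTPServer, IdHTTPServer, IdSSLOpenSSL;
type
  TEvents = class
    procedure QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
    procedure CommandGet(AContext: TIdContext;
      ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
  end;

procedure TEvents.QuerySSLPort(APort: TIdPort; var VUseSSL: Boolean);
begin
  VUseSSL := True; // TLS on every port, as in the original post
end;

procedure TEvents.CommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  AResponseInfo.ContentText := 'ok';
end;

// Resolve a file next to the executable and fail at startup if it is
// missing, instead of failing later at the first TLS handshake.
function RequireFile(const AName: string): string;
begin
  Result := ExtractFilePath(ParamStr(0)) + AName;
  if not FileExists(Result) then
    raise Exception.CreateFmt('TLS file not found: %s', [Result]);
end;

var
  Server: TIdHTTPServer;
  SSL: TIdServerIOHandlerSSLOpenSSL;
  Events: TEvents;
begin
  Events := TEvents.Create;
  Server := TIdHTTPServer.Create(nil);
  SSL := TIdServerIOHandlerSSLOpenSSL.Create(Server); // owned by Server
  SSL.SSLOptions.Mode := sslmServer;
  SSL.SSLOptions.CertFile := RequireFile('server.crt'); // PEM certificate
  SSL.SSLOptions.KeyFile := RequireFile('server.key');  // unencrypted PEM key
  SSL.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; // no SSLv2/v3
  SSL.SSLOptions.VerifyMode := []; // no client certificate requested
  Server.IOHandler := SSL;
  Server.OnQuerySSLPort := Events.QuerySSLPort;
  Server.OnCommandGet := Events.CommandGet;
  with Server.Bindings.Add do begin IP := '127.0.0.1'; Port := 52123; end;
  Server.Active := True;
  Readln; // serve until Enter is pressed
  Server.Free;
  Events.Free;
end.
```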