EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Ssl connection error. Handshake failed in idHTTP+IOSocketHandler

#6568
Posted: 06/11/2008 02:30:02
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Just tried to make an HTTPS server using Indy+IOHandler from SBB. In v.5 everything was OK. I put TIdHTTPServer, TElIndySSLServerIOHandler and TElMemoryCertStorage. Assigned all properties, imported the certificate into CertStorage and it was done (tested with IE). But now all I get is an "Ssl connection error" exception. What could be wrong?
#6571
Posted: 06/11/2008 02:46:18
by Ken Ivanov (EldoS Corp.)

What exception exactly do you get?
#6572
Posted: 06/11/2008 02:49:08
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Have you set OnCertificateValidate event handler?
#6573
Posted: 06/11/2008 03:19:31
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

exception class EIdSSLProtocolReplyError with message 'Error connecting with SSL.'.
and then
exception class EElSSLError with message 'Handshake failed'.

OnCertificateValidate is not fired

Auth level is alRequireCert
PassThrough = false
ClientAuth = false
#6578
Posted: 06/11/2008 07:22:37
by Eugene Mayevski (EldoS Corp.)

Are you testing with the same server? The most probable reason is that the server doesn't understand some options in the sent request (and the options were added after the version 5 you mentioned). Most likely it's some cipher suite code or the extension request.

The first step to take is to disable TLS 1.1 (leaving only SSL3 and TLS 1). This is done via the Versions property of the component.

Next, the components have an OnSSLError event which (supposedly) will give some information about what exactly happens during the handshake. Most likely the server just closes the connection (OpenSSL behaves in this way when it sees TLS 1.1), but maybe it does this gracefully, reporting the error.


Sincerely yours
Eugene Mayevski
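
The reply above suspects the protocol version, a cipher suite code or an extension in the hello message. The following is an added example (not code from this thread or from SecureBlackbox) that decodes a captured ClientHello record so those three fields can be inspected; the sample bytes, `parse_client_hello` and `build_sample` are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSL3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}

def parse_client_hello(record: bytes) -> dict:
    """Decode one TLS record that holds a complete ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or len(body) < 4 or body[0] != 1:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("truncated ClientHello")
        chunk = hello[pos:pos + n]
        pos += n
        return chunk

    client_ver = int.from_bytes(take(2), "big")
    take(32)                          # client random
    take(take(1)[0])                  # session id
    suites = take(int.from_bytes(take(2), "big"))
    take(take(1)[0])                  # compression methods
    extensions = []
    if pos < len(hello):              # the extensions block is optional
        ext_len = int.from_bytes(take(2), "big")
        ext_end = pos + ext_len
        while pos < ext_end:
            extensions.append(int.from_bytes(take(2), "big"))
            take(int.from_bytes(take(2), "big"))
    return {"record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
            "client_version": VERSIONS.get(client_ver, hex(client_ver)),
            "cipher_suites": [int.from_bytes(suites[i:i + 2], "big")
                              for i in range(0, len(suites), 2)],
            "extensions": extensions}

def build_sample() -> bytes:
    # Constructed hello: offers TLS 1.1, two RSA suites, one extension (0xff01).
    ext = struct.pack("!HH", 0xFF01, 1) + b"\x00"
    hello = (b"\x03\x02" + bytes(32) + b"\x00" + struct.pack("!H", 4)
             + b"\x00\x2f\x00\x0a" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(parse_client_hello(build_sample()))
```

Comparing this output for a hello that succeeds and one that fails shows which offered version, suite or extension differs between them.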
#6579
Posted: 06/11/2008 08:11:40
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

There's no OnSSLError in TElIndySSLServerIOHandler. I've created a small test case so that you could test it. Neither IE nor Opera wants to connect to it. Besides, I see exceptions only in the IDE and not in the program itself.
Thanks for your help


#6580
Posted: 06/11/2008 08:35:26
by Eugene Mayevski (EldoS Corp.)

Mmm, SecureBlackbox includes a sample web server built with Indy. Does it work for you?


Sincerely yours
Eugene Mayevski
#6581
Posted: 06/11/2008 09:07:43
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Nope... same stuff.. And for you? ) I'm gonna check the whole thing on the other PC
#6597
Posted: 06/12/2008 03:05:46
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Which version of Indy are you using?
#6600
Posted: 06/12/2008 07:16:27
by Scratch  (Standard support level)
Joined: 02/07/2008
Posts: 34

Standard one, shipped with Delphi 2007 (10.1.5)