EldoS | Feel safer!

Software components for data protection, secure storage and transfer

configure TElClientIndySSLIOHandlerSocket

#26068
Posted: 08/08/2013 15:05:28
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 40

Hi;

My project is built with Rad XE2 - Indy 10 (revision 4806). I use TIdSMTP + TElClientIndySSLIOHandlerSocket for sending mails when SSL or TLS is needed.

My components are configured like this:
Code
  object SMTP: TIdSMTP
    OnStatus = SMTPStatus
    IOHandler = SSLIOHandler
    OnWorkBegin = SMTPWorkBegin
    OnWorkEnd = SMTPWorkEnd
    SASLMechanisms = <
      item
        SASL = IdSASLCRAMSHA1
      end
      item
        SASL = IdSASLCRAMMD5
      end
      item
        SASL = IdSASLDigest
      end
      item
        SASL = IdSASLSKey
      end
      item
        SASL = IdSASLOTP
      end
      item
        SASL = SASLLogin
      end
      item
        SASL = IdSASLPlain
      end>
    Left = 8
    Top = 45
  end

  object SSLIOHandler: TElClientIndySSLIOHandlerSocket
    Destination = ':25'
    MaxLineAction = maException
    Port = 25
    DefaultPort = 0
    Versions = [sbSSL2, sbSSL3, sbTLS1, sbTLS11, sbTLS12]
    UseSSLSessionResumption = False
    OnCertificateValidate = SSLIOHandlerCertificateValidate
    Passthrough = True
    IgnoreNonGracefulSSLClosure = True
    RenegotiationAttackPreventionMode = rapmAuto
    Left = 48
    Top = 45
  end


The problem I found is that the component doesn't work the same way on every test machine. As an example, I try sending to smtp.mail.yahoo.com, port 587, with TLS. It only works well on a Windows Vista machine, but I can't make it work on Win7/WinXP, getting "Connection Closed Gracefully".

What do I have to configure to make it work properly?

Thank you very much.
#26069
Posted: 08/09/2013 00:39:45
by Eugene Mayevski (EldoS Corp.)

1) Please check your implementation of the OnCertificateValidate event handler and *for debug purposes* set Validate to true unconditionally. This will exclude the possibility of validation problems. We'll get to them later.
2) In the Versions property of the IOHandler try different versions - only SSL3, only TLS1, then some combinations of TLS. It can happen that the Yahoo server doesn't accept TLS 1.1 or 1.2 connections and misbehaves.

Also I don't understand what "Destination" is in the above quoted code and I don't think it's necessary there.

And finally - we have our own TElSMTPClient component and you have a license for it, so I'd recommend you migrate to our component rather than use outdated and unsupported Indy.


Sincerely yours
Eugene Mayevski
#26078
Posted: 08/09/2013 11:45:57
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 40

Hi Eugene;

Thank you. It seems it works much better if I set the Versions property at runtime, and only for the needed type, like this:

  if SSL then
    SSLIOHandlerSMTP.Versions := [sbSSL2, sbSSL3]
  else if TLS then
    SSLIOHandlerSMTP.Versions := [sbTLS1, sbTLS11, sbTLS12];

Best regards.
#37124
Posted: 06/28/2016 07:21:10
by Daniel Schaer (Standard support level)
Joined: 02/16/2012
Posts: 40

Quote
Daniel Schaer wrote:
Hi Eugene;

Thank you. It seems it works much better if I set the Versions property at runtime, and only for the needed type, like this:

  if SSL then
    SSLIOHandlerSMTP.Versions := [sbSSL2, sbSSL3]
  else if TLS then
    SSLIOHandlerSMTP.Versions := [sbTLS1, sbTLS11, sbTLS12];

Best regards.


Hi; As I reported in another thread, I used this way up to last week. But it does not work anymore for some providers like GMail and Hotmail (tested in lots of customers' installations). So I left the version field with the defaults, and in this way it works again.

Best regards,

Daniel.
