Hi FYI I worked out the issue and have it all working fine now. I am ashamed to admit that I forgot to assign the certificate at the server end
Thanks Rob On 26/10/2018 8:50 AM, Robert Martin wrote: > Hi Ross > > I am using the 32bit 1.0.2p as listed. I was using an older version but > upgraded to make sure that wasn't the issue. I am sure it's just an > Indy setting I have missed but not sure what :) > > Cheers > Rob > > On 25/10/2018 5:18 PM, Ross Levis wrote: >>> I have the latest version if the open ssl dlls in with the app. >> This could be the issue. Indy only supports OpenSSL v1.0.x, not 1.1.x. >> Also ensure you are using the Win32 DLLs if you are compiling your app with >> the 32-bit compiler. >> >> 32-bit >> https://slproweb.com/download/Win32OpenSSL_Light-1_0_2p.exe >> >> 64-bit >> https://slproweb.com/download/Win64OpenSSL_Light-1_0_2p.exe >> >> Ross. >> >> -----Original Message----- >> From: delphi-boun...@listserver.123.net.nz >> [mailto:delphi-boun...@listserver.123.net.nz] On Behalf Of Robert Martin >> Sent: Thursday, 25 October 2018 4:47 p.m. >> To: NZ Borland Developers Group - Delphi List >> Subject: [DUG] Indy 10 SSL issue with TidHttpServer >> >> Hi All >> >> I am having trouble setting up an HttpServer with SSL support. >> Everything works great for non Http but I just added SSL support and cannot >> get clients to access using SSL. >> >> My code below >> >> fIdHTTPServer := TIdHTTPServer.Create(nil); >> >> fIdHTTPServer.Active := False; >> fIdHTTPServer.DefaultPort := fSettings.PortNumber; >> >> with fIdHTTPServer.Bindings.Add do begin >> IP := '127.0.0.1'; >> Port := fSettings.PortNumber; >> end; >> >> fIdHTTPServer.AutoStartSession := True; >> fIdHTTPServer.ListenQueue := 100; >> fIdHTTPServer.MaximumHeaderLineCount := 2048; >> fIdHTTPServer.ServerSoftware := 'TestHTTPServer/' + >> SYS_VERSION; >> fIdHTTPServer.SessionState := True; >> fIdHTTPServer.SessionTimeOut := SYS_SESSION_TIMEOUT_SEC >> * 1000; >> >> //Setup for SSL >> SetDllDirectory(PWideChar(ExtractFilePath(ParamStr(0)))); //This call >> disables SafeDllSearchMode which means the apps directory isn't searched >> first. Might fix issues with multiple different ssl dlls on some installs >> >> fIdHTTPServer.OnQuerySSLPort := OnQuerySSLPort; >> >> >> >> fSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil); >> fSSLHandler.SSLOptions.SSLVersions := [sslvSSLv3, sslvSSLv2, >> sslvTLSv1]; >> fSSLHandler.SSLOptions.Mode := sslmServer; >> fSSLHandler.SSLOptions.VerifyMode := [sslvrfPeer, sslvrfClientOnce]; >> fSSLHandler.SSLOptions.VerifyDepth := 10; >> fIdHTTPServer.IOHandler := fSSLHandler; >> >> >> and >> >> procedure TCWFA_Server.OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean); >> begin >> //Force SSL for all connections >> VUseSSL := True; >> end; >> >> >> The idea here is I only want to allow SSL connections. When vUseSSL = >> true my idHttpClient app fails, tring to connect from a browser returns >> >> 'An error occurred during a connection to localhost:52123. Cannot >> communicate securely with peer: no common encryption algorithm(s). Error >> code: SSL_ERROR_NO_CYPHER_OVERLAP ' >> >> I have tried every ssl version combination I can think of and the >> VerifyMode / VerifyDepth settings seem to make no difference. I have >> the latest version if the open ssl dlls in with the app. Setting vUseSSL >> := False allows connection unless I try and force ssl from the browser >> end. by adding https:// to the call. >> >> Any suggestions ? >> >> >> >> Cheers >> Rob >> >> >> >> _______________________________________________ >> NZ Borland Developers Group - Delphi mailing list >> Post: delphi@listserver.123.net.nz >> Admin: http://delphi.org.nz/mailman/listinfo/delphi >> Unsubscribe: send an email to delphi-requ...@listserver.123.net.nz with >> Subject: unsubscribe >> > _______________________________________________ > NZ Borland Developers Group - Delphi mailing list > Post: delphi@listserver.123.net.nz > Admin: http://delphi.org.nz/mailman/listinfo/delphi > Unsubscribe: send an email to delphi-requ...@listserver.123.net.nz with > Subject: unsubscribe _______________________________________________ NZ Borland Developers Group - Delphi mailing list Post: delphi@listserver.123.net.nz Admin: http://delphi.org.nz/mailman/listinfo/delphi Unsubscribe: send an email to delphi-requ...@listserver.123.net.nz with Subject: unsubscribe
