Re: [twsocket] Gmail--04-04-2016
> Request Done Rq=0 Error=SSL Handshake failed EIcsSsleayException > Unable to load SSLEAY DLL. > Can't find SSLv2_method SSLv2_client_method SSLv2_server_method > I updated to V8.23 and OpenSSL to 1.02g. This is all explained in my posting of 3 Mar 2016 in this mailing list announcing support for OpenSSL 1.0.2g. You need ICS V8.24 minimum because OpenSSL has removed support for SSLv2. This is also explained on the download page where you found 1.0.2g, but perhaps not as clearly as it could be. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
Witam, I am not sure as i am now away from my PC but it seems 1.02g is nor the most recent openSSL that is expected by most recent ics version. Had similar error that disappeared after updating openSSL . Pozdrawiam Jarek Karciarz -- Od: za...@hmisys.com Data: 13 kwietnia 2016 02:52:36 Temat: [twsocket] Gmail--04-04-2016 Do: twsoc...@elists.org Hello, Recap, using Delphi XE, ICS V7 and Gmail access started failing and I had to configure Gmail to use lesser security. I updated to V8.23 and OpenSSL to 1.02g. Now when I attempt to send an email I get: Request Done Rq=0 Error=SSL Handshake failed EIcsSsleayException Unable to load SSLEAY DLL. Can't find SSLv2_method SSLv2_client_method SSLv2_server_method I verified the dll is the correct version and I am lost as the next step. Ideas? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] twsocket] Gmail--04-04-2016
More data. I tried the sample project OverbyteIcsSslMailSnd and I get the same error. Interesting. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Gmail--04-04-2016
Hello, Recap, using Delphi XE, ICS V7 and Gmail access started failing and I had to configure Gmail to use lesser security. I updated to V8.23 and OpenSSL to 1.02g. Now when I attempt to send an email I get: Request Done Rq=0 Error=SSL Handshake failed EIcsSsleayException Unable to load SSLEAY DLL. Can't find SSLv2_method SSLv2_client_method SSLv2_server_method I verified the dll is the correct version and I am lost as the next step. Ideas? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
> I tested up to 0.9.8x with the same result. Those versions of OpenSSL are long obsolete, no security updates for a long time, only support old protocols, etc. > Wonder if I should take the leap to V8. > Are there any know issues going from V7 to V8? > I am using Delphi XE. If you are using SSL in a commercial environment, you do need to keep up to date with OpenSSL releases to get the latest support for protocols and security fixes, and that means also means ICS V8, ideally the latest version from SVN or the overnight zip. For an SSL client, updating from V7 to V8 should be easy, SSL servers need some extra settings. We only test with our versions of OpenSSL, not the Indy versions which historically had external dependencies on Microsoft DLLs. The old OpenSSL is why your connection cipher was so poor: TLSv1, cipher AES128-SHA whereas with the latest ICS you get: TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange ECDH, encryption AESGCM(128), message authentication AEAD There will be a new OpenSSL 1.1.0 later this month, which I got working with ICS yesterday, adding more ciphers and capabilities. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
Angus Robertson - Magenta Systems Ltd wrote: This is totally expected, the only GMail accepts POP connections of this type is if you allow "less secure apps". My password is strong 15 characters, but I still get SMTP and POP3 access with this turned off. Yes, mine was too, but at some point in time it started telling me "you need to activate less secure access". Don't know why though. If you don't want to enable this, you MUST implement two factor authentication according to Google standards, and this is not for the faint hearted (on top of being proprietary) Is that OAUTH or a variant as listed in the capabilities list? Or something different? Yes, that's it. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Gmail--04-04-2016
OK I found http://wiki.overbyte.be/wiki/index.php/ICS_Download has some SSL binaries. I tested up to 0.9.8x with the same result. Wonder if I should take the leap to V8. Are there any know issues going from V7 to V8? I am using Delphi XE. I am posting this journey so if others run into this issue a search might find it. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Gmail--04-04-2016
OK The file version is not the same as the product version. The SSL I am using is 0.9.8r. Searching for binaries I found https://indy.fulgan.com/SSL/. It looks like the last 0.9.8 version was 0.9.8.zh. I am going to give it a go. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
> This is totally expected, the only GMail accepts POP connections > of this type is if you allow "less secure apps". My password is strong 15 characters, but I still get SMTP and POP3 access with this turned off. > If you don't want to enable this, you MUST implement two factor > authentication according to Google standards, and this is not for > the faint hearted (on top of being proprietary) Is that OAUTH or a variant as listed in the capabilities list? Or something different? One or more of those has been on my wish list for a long time, useful for other cloud services as well. Someone else did an ICS version a while back, but it never got integrated into ICS. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
The password may have been too "simple". Try really complex passwrd. Sent from my Verizon Wireless 4G LTE smartphone Original message From: za...@hmisys.com Date: 4/5/2016 9:28 AM (GMT-05:00) To: twsoc...@elists.org Subject: [twsocket] Gmail--04-04-2016 Hello, Well I was premature. It did not fully work. A new error appeared: ! Starting SSL handshake Secure connection with TLSv1, cipher AES128-SHA, 128 secret bits (128 total) < 220 smtp.gmail.com ESMTP d10sm9778116oem.0 - gsmtp Request Done Rq=0 Error=0 > EHLO XIComputer2 < 250-smtp.gmail.com at your service, [70.196.22.81] < 250-SIZE 35882577 < 250-8BITMIME < 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH < 250-ENHANCEDSTATUSCODES < 250-PIPELINING < 250-CHUNKING < 250 SMTPUTF8 Request Done Rq=10 Error=0 > AUTH LOGIN < 334 VXNlcm5hbWU6 > UGVha0hNSUBnbWFpbC5jb20= < 334 UGFzc3dvcmQ6 > bXJkeHh4MTIzNA== < 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1=1=AKgnsbv6 < 534-5.7.14 7Ogjom3EQKfm4TtUz3biIGwA9H0o-PcPda8uYunCCp7qYQPAs7zzaBGECEktzBGCtwi4JY < 534-5.7.14 SYLk4qpLNfcPbTPVrnkQF1lYXOJCIr4ETuRL8Yf5vEfY8dqK961ePVtuU-ChXUi4OWNE5Y < 534-5.7.14 jUJfQbF2rE-el42NzNHpFZEGnbsfpcYN02EaaGZ0FvZ3BoyyFs80rFbzbXVxxj55w2yrq9 < 534-5.7.14 P5vfls5hxYO3Ww__gfU36mFB46iuo> Please log in via your web browser and < 534-5.7.14 then try again. < 534-5.7.14 Learn more at < 534 5.7.14 https://support.google.com/mail/answer/78754 d10sm9778116oem.0 - gsmtp Request Done Rq=11 Error=534 5.7.14 https://support.google.com/mail/answer/78754 d10sm9778116oem.0 - gsmtp I had to go to: https://www.google.com/settings/security/lesssecureapps and "Turn on" access for less secure apps. The password is correct. Ideas? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Gmail--04-04-2016
Hello, > The EHLO argement is supposed to be a host name, not an email address, > many SMTP servers will refuse the connection unless a reverse DNS check >works. Not sure why you are using an email address, the ICS default is >the computer name. Thanks, that was it. What I find funny is we tested with 4 different email services, including Gmail, and it has worked for several years. Ciao, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
Witam, Version 8 and open ssl works for me fine as well. Pozdrawiam Jarek Karciarz -- Od: Angus Robertson - Magenta Systems Ltd <an...@magsys.co.uk> Data: 5 kwietnia 2016 09:45:01 Temat: Re: [twsocket] Gmail--04-04-2016 Do: twsocket@lists.elists.org For several years now access to Gmail, using SSL, has been flawless. I am using version 7. Today access to Gmail has failed and I am unsure if it is a temporary issue or Gmail made a change. 501 5.5.4 HELO/EHLO argument theaddr...@gmail.com invalid, Working fine here with the latest ICS version 8 and OpenSSL: 08:32:49 - Sending Mail < 220 smtp.gmail.com ESMTP j18sm18013427wmd.2 - gsmtp 08:32:49 - SMTP Session Connected to 74.125.206.108:587 EHLO PC20 < 250-smtp.gmail.com at your service, [82.33.197.157] < 250-SIZE 35882577 < 250-8BITMIME < 250-STARTTLS < 250-ENHANCEDSTATUSCODES < 250-PIPELINING < 250-CHUNKING < 250 SMTPUTF8 STARTTLS < 220 2.0.0 Ready to start TLS Starting SSL handshake The EHLO argement is supposed to be a host name, not an email address, many SMTP servers will refuse the connection unless a reverse DNS check works. Not sure why you are using an email address, the ICS default is the computer name. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Gmail--04-04-2016
> For several years now access to Gmail, using SSL, has been > flawless. I am using version 7. > Today access to Gmail has failed and I am unsure if it is a > temporary issue or Gmail made a change. > 501 5.5.4 HELO/EHLO argument theaddr...@gmail.com invalid, Working fine here with the latest ICS version 8 and OpenSSL: 08:32:49 - Sending Mail < 220 smtp.gmail.com ESMTP j18sm18013427wmd.2 - gsmtp 08:32:49 - SMTP Session Connected to 74.125.206.108:587 > EHLO PC20 < 250-smtp.gmail.com at your service, [82.33.197.157] < 250-SIZE 35882577 < 250-8BITMIME < 250-STARTTLS < 250-ENHANCEDSTATUSCODES < 250-PIPELINING < 250-CHUNKING < 250 SMTPUTF8 > STARTTLS < 220 2.0.0 Ready to start TLS Starting SSL handshake The EHLO argement is supposed to be a host name, not an email address, many SMTP servers will refuse the connection unless a reverse DNS check works. Not sure why you are using an email address, the ICS default is the computer name. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be