Re: [twsocket] HTTPS problem
Hi Arno, I did copy Openssl v0.9.8x from the wiki. First I got 'unsupported ssl version', but this VM still uses ICS version 5.x. So I download ICS version 7.x and copied the vc32 directory to a new search path, changed the filenames to 'OverbyteIcsxxx' and all is working now ;-) I also got information from Belgacom. The day it stopped working they upgraded there reverse proxy to a newer version, so there was maybe some conflict between SSL versions. This is a test application, now I will do same changes in the production application. I hope there will no conflicts because it is very large and contains a lot of server and clients using ICS version 5.x. However there is only 1 unit (this one) using SSL so I assume there will be no problem. Thanks again for the help! -- mvg, Wilfried http://www.mestdagh.biz http://www.comfortsoftware.be http://www.expertsoftware.be > -Oorspronkelijk bericht- > Van: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] > Namens Arno Garrels > Verzonden: vrijdag 8 februari 2013 17:53 > Aan: ICS support mailing > Onderwerp: Re: [twsocket] HTTPS problem > > Wilfried Mestdagh wrote: > > It is an old application written in Delphi 7. > > No problem since both ICSv7 and ICSv8 still support Delphi 7. > > -- > Arno > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS problem
Wilfried Mestdagh wrote: > It is an old application written in Delphi 7. No problem since both ICSv7 and ICSv8 still support Delphi 7. -- Arno -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS problem
Ik ga dus eerst proberen in Delphi XE met latest version.
> -Oorspronkelijk bericht-
> Van: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org]
> Namens Arno Garrels
> Verzonden: woensdag 6 februari 2013 18:47
> Aan: ICS support mailing
> Onderwerp: Re: [twsocket] HTTPS problem
>
> Arno Garrels wrote:
> > If you send that file to me as PM
> > I'll take a look at it when
> > I have some minutes,
>
> Hello Wilfried,
>
> Received your log thanks, it looks strange!
>
> When I try to Post some nonsense data to your URL it
> works as expected (404 return). Strange is that the server seems
> to initiate a SSL/TLS renegotiation so there are two
> OnSslHandshakeDone events for me.
>
> The first handshake in _your log succeeds however the second fails:
> {code}
> - 15:13:48:793 ICB> SSL3 alert read fatal handshake failure
> - 15:13:48:803 00A94398 BIO_read(sslbio, 0x1, 0) = 0 [186]
> - 15:13:48:803 00A94398 1812 [187] error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> {code}
>
> Maybe a newer OpenSSL libraries will help since some older versions
> did not support renegotiation due to some security issue that was
> fixed in newer versions. In my test above I used Openssl v0.9.8x
> 32-bits from: http://wiki.overbyte.be/wiki/index.php/ICS_Download
> with latest ICSv8, latest ICSv7 should make no difference in this
> regard.
>
> --
> Arno
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS problem
Hello Arno,
Ok I will try with latest version. This is at the moment not the case. It is
an old application written in Delphi 7. Normally I don't update components
at the time there are a lot of commercial applications because I cannot test
them all.
But I have Delphi XE on another VM and will try with latest version first.
I have news hewever from Belgacom. But they know nothing about SSL. The only
thing they see is that my request gets to there reverse proxy witch
generates a 403 error. But I don't get a 403. According to them there should
be something wrong with my SSL but they don't know what.
I will first try again with latest version and then I come back here.
--
mvg, Wilfried
http://www.mestdagh.biz
http://www.comfortsoftware.be
http://www.expertsoftware.be
> -Oorspronkelijk bericht-
> Van: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org]
> Namens Arno Garrels
> Verzonden: woensdag 6 februari 2013 18:47
> Aan: ICS support mailing
> Onderwerp: Re: [twsocket] HTTPS problem
>
> Arno Garrels wrote:
> > If you send that file to me as PM
> > I'll take a look at it when
> > I have some minutes,
>
> Hello Wilfried,
>
> Received your log thanks, it looks strange!
>
> When I try to Post some nonsense data to your URL it
> works as expected (404 return). Strange is that the server seems
> to initiate a SSL/TLS renegotiation so there are two
> OnSslHandshakeDone events for me.
>
> The first handshake in _your log succeeds however the second fails:
> {code}
> - 15:13:48:793 ICB> SSL3 alert read fatal handshake failure
> - 15:13:48:803 00A94398 BIO_read(sslbio, 0x1, 0) = 0 [186]
> - 15:13:48:803 00A94398 1812 [187] error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> {code}
>
> Maybe a newer OpenSSL libraries will help since some older versions
> did not support renegotiation due to some security issue that was
> fixed in newer versions. In my test above I used Openssl v0.9.8x
> 32-bits from: http://wiki.overbyte.be/wiki/index.php/ICS_Download
> with latest ICSv8, latest ICSv7 should make no difference in this
> regard.
>
> --
> Arno
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS problem
Arno Garrels wrote:
> If you send that file to me as PM
> I'll take a look at it when
> I have some minutes,
Hello Wilfried,
Received your log thanks, it looks strange!
When I try to Post some nonsense data to your URL it
works as expected (404 return). Strange is that the server seems
to initiate a SSL/TLS renegotiation so there are two
OnSslHandshakeDone events for me.
The first handshake in _your log succeeds however the second fails:
{code}
- 15:13:48:793 ICB> SSL3 alert read fatal handshake failure
- 15:13:48:803 00A94398 BIO_read(sslbio, 0x1, 0) = 0 [186]
- 15:13:48:803 00A94398 1812 [187] error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
{code}
Maybe a newer OpenSSL libraries will help since some older versions
did not support renegotiation due to some security issue that was
fixed in newer versions. In my test above I used Openssl v0.9.8x
32-bits from: http://wiki.overbyte.be/wiki/index.php/ICS_Download
with latest ICSv8, latest ICSv7 should make no difference in this
regard.
--
Arno
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS problem
Wilfried Mestdagh wrote: > I set IcsLogger, but I'm not sure what I should conclude from this > log. I'm not HTTPS experience :( Can someone say what possible go > wrong seeing this log? >From what you posted in your previous mail there's no SSL stuff included in the log, check your IcsLogger LogOptions. Best results when you include every LogOption except just one of the loDest.. opts, choose loDestFile and LogFileOption = lfoOverwrite. That's the fastest way to get it all logged. If you send that file to me as PM I'll take a look at it when I have some minutes, either today or tomorrow evening. -- Arno -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
