I try to use Delphi XE3 + Indy Control(TIdhttp) to connect to a https site, but the Get method raise an exception "Error connecting with SSL. Error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv 1 alert protocol version"
Below is my code:
var
IOHandler: TIdSSLIOHandlerSocketOpenSSL;
begin
IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
try
IdHTTP1.IOHandler := IOHandler;
IdHTTP1.Get(PostURL, Stream);
finally
IOHandler.Free;
end;
end;
Related
This question already has an answer here:
How can we connect with a website? Getting SSL error 1409442E
(1 answer)
Closed 2 years ago.
I'm using Delphi 10.3.3. The code below used to work but now I'm getting an error when trying to download a file over HTTPS:
Error connecting with SSL error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version'
var
ms : tmemorystream;
ssl : TIdSSLIOHandlerSocketOpenSSL;
source,dest : string;
begin
source := 'https://www.myaddress.com/myfile.zip';
dest := 'c:\myfile.zip';
ms := TMemoryStream.Create;
try
if pos('https',source) > 0 then
begin
ssl := TIdSSLIOHandlerSocketOpenSSL.Create();
idh.IOHandler := ssl;
end;
idhttp1.get(source,ms);
ms.savetofile(dest);
result := 'ok';
finally
ms.Free;
end;
end;
TIdSSLIOHandlerSocketOpenSSL uses only TLS v1.0 by default and the server is rejecting that. You must explicitly allow newer TLS versions:
ssl := TIdSSLIOHandlerSocketOpenSSL.Create();
ssl.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
idh.IOHandler := ssl;
Recent versions of Indy have https support built-in (so no need to create SSL IOHandler, Indy will take care of that automatically).
Also when dealing with files, it is better to use TFilestream instead of TMemoryStream because you you will get into trouble when trying to download files that don't fit into memory.
Here is a MRE for you:
program SO60578855;
{$APPTYPE CONSOLE}
{$R *.res}
uses
idHttp,
Classes,
System.SysUtils;
var
Http : TidHttp;
Fs : TFileStream;
begin
try
Fs := TFileStream.Create('c:\temp\100mb.bin', fmcreate);
Http := TidHttp.Create(nil);
try
Http.Get('https://speed.hetzner.de/100MB.bin', Fs);
finally
Http.Free;
Fs.Free;
end;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
Readln;
end.
I tried using TRESTClient to connect to an HTTPS web service using TLS 1.2. But NO LUCK with sending multipart/form-data.
So now I am trying with Indy. I got this "Wrong Version Number" error.
I think there is nothing wrong with the code since it worked with HTTP.
Probably my Delphi is missing something. What should I install and how?
procedure TForm10.Button2Click(Sender: TObject);
var
HTTP: TIdHTTP;
RequestBody: TStream;
ResponseBody: string;
myssl: TIdSSLIOHandlerSocketOpenSSL;
Input: TIdMultipartFormDataStream;
begin
ResponseBody := '';
try
try
HTTP := TIdHTTP.Create;
try
Input := TIdMultipartFormDataStream.Create;
try
Input.Clear;
Input.AddFormField('Email', 'xx#xx.com.tr');
Input.AddFormField('Password', 'xx');
myssl := TIdSSLIOHandlerSocketOpenSSL.Create(HTTP);
HTTP.IOHandler := myssl;
myssl.SSLOptions.Mode := sslmUnassigned;
myssl.SSLOptions.Method := sslvTLSv1_2;
myssl.SSLOptions.SSLVersions := [sslvTLSv1_2];
HTTP.HTTPOptions := [hoForceEncodeParams];
HTTP.Request.CustomHeaders.FoldLines := False;
ResponseBody := HTTP.Post('https://xxx.com.tr/api/Mobile/MobileLoginControl', Input);
finally
Input.Free;
end;
finally
HTTP.Free;
end;
finally
end;
except
ResponseBody := '"-20"';
end;
end;
The code is fine, though you are enabling only TLS 1.2 on the SSLIOHandler. Maybe the website in question doesn't support TLS 1.2? Try enabling TLS 1.0 and 1.1 as well:
myssl.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
And don't set the SSLOptions.Method at all. Setting the SSLVersions updates the Method and vice versa. So set one or the other, not both.
I want to read an HTML page via HTTPS using Indy's TIdHTTP in Delphi XE5.
ssleay32.dll and libeay32.dll are in the main program folder.
I am getting an error: SSL23_GET_SERVER_HELLO. What can I do to fix this?
function get_page_text:string;
var
Response: String;
HTTPClient: TidHTTP;
const
url = 'https://www.lustundreiz.com/login';
begin
HTTPClient := TidHTTP.Create;
HTTPClient.AllowCookies := True;
HTTPClient.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
Response := HTTPClient.get(url);
HTTPClient.Free;
result := response;
end;
The default SSL/TLS version used by TIdSSLIOHandlerSocketOpenSSL when you don't specify a version is TLSv1, not SSLv23. So it is very unusual for you to be getting an SSL23 error.
Many modern web servers now require TLS 1.1 or higher, TLS extensions like SNI, etc. So consider enabling sslvTLSv1_1 and sslvTLSv1_2 in the TIdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions property, in addition to the default sslvTLSv1. And make sure you are using an up-to-date version of Indy and the OpenSSL DLLs to support those versions.
You should also wrap your code in a try..finally so you can Free the TIdHTTP object even if Get() raises an exception.
Try this:
function get_page_text:string;
var
HTTPClient: TIdHTTP;
SSL: TIdSSLIOHandlerSocketOpenSSL;
const
url = 'https://www.lustundreiz.com/login';
begin
HTTPClient := TIdHTTP.Create;
try
HTTPClient.AllowCookies := True;
// set other HTTP properties as needed...
SSL := TIdSSLIOHandlerSocketOpenSSL.Create(HTTPClient);
SSL.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
// set other SSL properties as needed...
HTTPClient.IOHandler := SSL;
Result := HTTPClient.Get(url);
finally
HTTPClient.Free;
end;
end;
Ok, after I updated from Delphi XE5 to Delphi XE10 the Code works well without any Errors.
Thanks to Remy for the Support.
I tried with Indy component to send email in XE2, and it works fine on my laptop that I compiled my project on.
But if I take my exe project to another PC, it shows an error message
Connection closed gracefully
or, sometimes I get
SSL Negotiation failed
Actually I tried many times to solve my problem, but I can't.
This is my code - where is my mistake? I need a practical solution.
procedure Gmail(username, password, totarget, subject, body :string);
var
DATA : TIdMessage;
SMTP : TIdSMTP;
SSL : TIdSSLIOHandlerSocketOpenSSL;
result:Boolean;
begin
try
SMTP := TIdSMTP.Create(nil);
DATA := TIdMessage.Create(nil);
SSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
SSL.Destination := 'smtp.gmail.com:587';
SSL.Host := 'smtp.gmail.com';
// SSL.MaxLineAction.maException;
SSL.Port:= 587;
SSL.SSLOptions.Method := sslvTLSv1;
SSL.SSLOptions.Mode := sslmUnassigned;
SSL.SSLOptions.VerifyMode := [];
SSL.SSLOptions.VerifyDepth := 0;
DATA.From.Address := username;
DATA.Recipients.EMailAddresses := totarget;
DATA.Subject := subject;
DATA.Body.Text := body;
if FileExists('D:\Test1.txt') then
TIdAttachmentFile.Create(DATA.MessageParts, 'D:\Test1.txt');
SMTP.IOHandler := SSL;
SMTP.Host := 'smtp.live.com';
SMTP.Port := 587 ;
SMTP.Username := username;
SMTP.Password := password;
// SMTP.SASLMechanisms;
SMTP.UseTLS := utUseExplicitTLS;
try
try
SMTP.Connect;
SMTP.Send(DATA);
Result := True;
except
on E:Exception do
begin
ShowMessage('Cannot send E-Mail: ' + E.Message);
Result := False;
end;
end;
finally
if SMTP.Connected then SMTP.Disconnect;
end;
except
on E : Exception do
begin
ShowMessage('Error in the function SendEmailDelphi: ' + E.Message);
Result := False;
end;
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
Timer1.Enabled:= True;
end;
procedure TForm1.Timer1Timer(Sender: TObject);
begin
mail_username := 'email#gmail.com';
mail_password := 'pass';
mail_to := 'email#gmail.com';
mail_subject := 'Text email from Delphi project';
mail_body := 'this is a test email sent from Delphi project, do not reply';
try
begin
Gmail(mail_username, mail_password, mail_to , mail_subject, mail_body);
end;
finally
end;
end;
DO NOT set the SSL.Destination, SSL.Host, or SSL.Port properties manually! TIdTCPClient.Connect() handles that for you. Besides, don't you think it's odd that you are setting SSL.Destination/Host to smtp.gmail.com but are setting SMTP.Host to smtp.live.com instead? Gmail and Live are not the same service provider.
Also, SSL.SSLOptions.Mode should be set to sslmClient instead of sslmUnassigned. Not too important, TIdSSLIOHandlerSocketOpenSSL will simply flip it when it configures the connection. But you should do it anyway, since you know your code is acting as a client.
And lastly, try setting SMTP.UseTLS before setting SMTP.Port, as setting UseTLS may change the Port, so you want to make sure you are really connecting to the correct port you are expecting.
With that said, the SSL Negotiation failed error means the TLS handshake was started but failed part-way through the negotiation. Try assigning handlers to TIdSSLIOHandlerSocketOpenSSL's OnStatusInfo/Ex events to see how far the handshake is actually getting. And if you are using a relatively modern version of Indy 10, try looking at the raised exception's InnerException property, it might give you a clue as to what went wrong before the EIdTLSClientTLSHandShakeFailed exception was raised afterwards.
I'm trying to download a file with the idHTTP component but its not working.
I included both OpenSSL DDLs (libeay32 & ssleay32.dll) to my project folder but its not working.
I'm using the idHTTP component with the TidSSLIOHandlerSocketOpenSSL IOHandler and SSL version SSLv3.
With this code I get an EIdHTTPProtocolException with the message "HTTP/1.1 403 Forbidden".
Why do I get this error and how can I get the download to work?
procedure TForm_Main.Button1Click(Sender: TObject);
var
fs: TFileStream;
begin
inherited;
fs := TFileStream.Create('E:\abc.html', fmCreate or fmShareDenyWrite);
try
LoadOpenSSLLibrary;
IdHTTP1.Get('https://www.testcloud.de/index.html', fs);
finally
fs.Free;
end;
end;