Develop Reference

Indy server supports SSL 2, but it should not

Indy Delphi 10.1 Berlin.
My customer had the HTTPS connection checked (using Qualys SSL Labs). The report states: "This server supports SSL 2" plus other warnings but I guess they are related to this.
The code used is as follows:
SSLIOhandler:=TIdServerIOHandlerSSLOpenSSL.Create(NIL);
SSLIOhandler.SSLOptions.Method:=sslvTLSv1_2;
SSLIOhandler.SSLOptions.Mode:=sslmServer;
SSLIOhandler.OnVerifyPeer:=OnVerifyPeer;
SSLIOhandler.SSLOptions.SSLVersions:=[sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
HTTPServer:=TIdHTTPServer.Create(NIL);
HTTPServer.IOhandler:=SSLIOhandler;
I have read various posts but this area remains pretty much abacadabra to me. I limited the SSLVersions to just [sslvTLSv1_2] but the warning remains. What else can I do?
Update: Sorry to waste time. The Qualys test site apparently did not reload. I've restarted and retested and indeed it no longer complains about SSL2.
Next step is to pass its complaints about the ciphers, starting with TLS_RSA_WITH_DES_CBC_SHA. I have a list of ciphers but can't find how to assign them. When I use e.g.
SSLOptions.CipherList:='TLS_RSA_WITH_3DES_EDE_CBC_SHA';
I get an error: "SetCipher failed".

Intraweb - web application - users sessions

Today I started to write my first web application and I can't pass one step.
Everything works almost fine... I can connect to the server and open website. Problem is when I open browser and type the same address on the second pc, then I get te same data as on the first one.
Detailed...
Application has two forms, first is for login, and second one is for receiving data.
When I login on the first pc and second form shows up, and then I open browser and put the address of the server on the second pc, I see the second form after login from first pc.
What I should do in this case? I tried to find the solution in the net, but I couldn't :(

If you are using any Delphi IDE after XE3 (including) and using the IntraWeb edition that comes with Delphi you must upgrade in order to have it working correctly. It is free, and more information can be obtained here:
http://atozed.com/IntraWeb/Download/FreeKeyRequest.EN.aspx|
After upgrading (if this is your case) I suggest you to take a look at one of the IntraWeb demos, here:
https://iwdemos.codeplex.com/SourceControl/latest
There is a demo named Features that shows you exactly how to create a multi form application. To be honest, I work with IntraWeb for a long time and I've never seen that. Unless you are using some global var to hold your "current" active form. Have in mind that IntraWeb is a fully multithreaded application and global vars should not be used, unless you have some mechanism protecting concurrent access (but you should get rid of them and use ServerController properties instead).

Thnks for your quick reply.
I work with Delphi from some time, but I never used Intraweb, I worked with ComPort and IP works for I/O devices. I have XE7 and I upgraded Intraweb to 14.0.52.
I can't find a good file exchange server to put my application for sharing with you. If I find somethin I will post it below.
You can check the code and other settings of my simply project. I put the web application inside the link below, it is without the .exe file.
https://www.dropbox.com/s/75zurcew0zr363x/Project1.rar?dl=0
Thanks for your help.

Problems with Push support in Vaadin

I'm having some serious issues with the Server Push support in Vaadin 7, and it's proving difficult to pin down the problem. I've followed all the steps in the Book of Vaadin on enabling server push, including adding the vaadin-push.jar file to WEB-INF/lib, adding the "asyncSupported = true" parameter to the #WebServlet annotation, and adding the #Push annotation to the UI class. (I've also tried specifying the equivalent in the deployment descriptor.) I also added the org.atmosphere.useWebSocketAndServlet3=true property to the catalina.properties file of my Tomcat 7 server, as suggested in https://vaadin.com/wiki/-/wiki/Main/Working%20around%20push%20issues.
I found the Server Push support to be very quirky, making it difficult to identify the problem. For instance, when developing code, the server will often not automatically re-start; only recognizing new code when I close the browser (not just the browser window), stop the server and re-start Eclipse; missing any of these steps will result in the Server Push not working. Note that this issue only occurs when Server Push is enabled. I read something about sessions not expiring when push is enabled (https://vaadin.com/forum#!/thread/3576361), so maybe that's the reason..
I often encounter suspicious log messages:
Mar 02, 2014 9:25:45 PM com.vaadin.server.communication.PushHandler$3 run
WARNING: Could not find push connection to close: 38450652-2a2b-4221-8300-8313e9c4779a with
transport WEBSOCKET
Mar 02, 2014 9:25:45 PM org.apache.catalina.loader.WebappClassLoader loadClass
INFO: Illegal access: this web application instance has been stopped already. Could not load
java.nio.ByteBuffer.
It does seem that the Atmosphere is finding the async support:
INFO: Atmosphere is using async support:
org.atmosphere.container.Tomcat7AsyncSupportWithWebSocket running under container: Apache
Tomcat/7.0.47
I also found this error; don't know whether it indicates a serious problem (haven't tried resolving it, since I don't want to get into the Atmosphere stuff):
WARNING: No BroadcasterCache configured. Broadcasted message between client reconnection will be
LOST. It is recommended to configure the org.atmosphere.cache.UUIDBroadcasterCache
That said, Firefox works quite well with the Server Push, while Chrome has problems and IE spews errors (surprise!). In particular, Chrome often takes quite a while to communicate a UI interaction (e.g., button push) to the server, whereby a spinner (changing color from yellow to orange to red) appears at the right top. IE simply updates the wrong UI components when multiple windows are open. So, as long as every user employs Firefox there's no problem, but I can't possibly assume that.
I came across this post, where developers vented their frustration on the feature: https://vaadin.com/forum#!/thread/4040408. This is quite a recent post, so it doesn't sound too promising.. The only reason I need the Server Push feature is to allow the ChatBox add-on (https://vaadin.com/directory/-/directory/addon/chatbox) to update in real-time.
Any ideas? Has anyone gotten these kinds of errors and managed to get some workaround? Or even better, has anyone gotten the ChatBox add-on to work with the Server Push?
Thanks,
William

Try Again
Web Push is still a young technology, especially the WebSocket variety. Tomcat for example replaced one WebSocket implementation with another. Vaadin’s adoption of the Atmosphere library and all the other work in Vaadin 7 are relatively new. Much has improved in the months following the posting of this Question. I suggest giving Push another try.
Use the latest versions of your web server. For example, both Tomcat 7 & 8 and Jetty have made significant changes in their support of Push and WebSocket.
Use the latest version of Java 8 and Vaadin (7.3.7 now).
No Need For setPollInterval
No need to call UI::setPollInterval as was mentioned in the comments above. That feature uses only one approach to Push.
All you need is the #Push annotation. And a Thread, or better, a ScheduledExecutorService to update the data for display in your app. Using the #Push annotation engages the Atmosphere library. Atmosphere tries multiple techniques of Push, starting with WebSocket, and automatically uses other techniques as a fall-back.
Working Example
I recently (2015-01) posted a working example of Push working in Vaadin 7.3.7 as an answer to another question. My example is purposely minimal, using a single file to replace the MyUI file’s content in a new default Vaadin app project.

How to use component from the old indy9 package

I have upgraded Indy9 to Indy10 in Delphi7. Took some time for me to change all the parts with TCP servers and clients but seems like it works nice now.
Now, i noticed one part is still not working, and thats idHTTPserver component.
Our applications web page is using a mootools library. With Indy9 idHTTPserver it works perfectly, however Indy10 does something, which makes browsers fail to display the page.
Besides some other errors, there is this nonsense error like (Firefox Error console output):
Timestamp: 2013.08.07 13:13:56
Error: SyntaxError: missing ] after element list
Source File: http://192.168.100.2:8780/lib/ui/core/mootools-1.2.4-more-yc.js
Line: 103, Column: 60
Source Code:
unction(){var b=["C?","C ","C","C?","C,","C¢","Cƒ","C£","C"","C¤","C.","C?","Ä,","ă","Ä"","Ä.","Ä?","Ä?","ÄŒ","Ĩ","C?
-------------------------------------------------------------^
The actual source code inside this .js is:
long long text ....... function(){var b=["C?","C ","C","C?","C,","C¢","Cƒ","C£","C"","C¤","C.","C?","Ä,","ă","Ä"","Ä.","Ä?","Ä?","ÄŒ","Ĩ","C?","C§","Ä?","ĸ","Ä","Ä'","Cˆ","CØ","C?","C©","CŠ","CR","C<","C«","Äš","Ä>","Ę","ÄT","Ä?","ÄŸ","CŒ","C¬","C¨","C­","C?","C®","C¸","CÆ","Ĺ","Är","Ľ","ľ","Å","Å,","C'","C±","Å?","ň","Ń","Å"","C'","C²","C"","C³","C"","C´","C.","Cµ","C-","C¶","C˜","Cø","Å'","Ř","ÅT","Å"","Å.","Å ","Å?","Å?","ÅŸ","Åš","Å>","Ť","Å?","Ť","Å?","Å¢","Å£","CT","C¹","Cš","Cr","C>","C»","Cœ","C¼","Å®","ÅÆ","Åø","Cæ","C½","C¯","Ž","ž","Ź","År","Å»","ż","C?","C¾","C","C°","CŸ","Å'","Å"","C?","C¦","Aµ"]; ................ long long text
What is happening here?
I took a deep breathe and thought, hey i could just use the old version of idHTTPserver as i still have the source files of Indy9 in the other folder.
If nobody knows how to fix the indy10 HTTPserver, could somebody please tell me how do i use the old version? Just the HTTPserver component (which surely links with 10s of other old indy files).
I tried to include the old sources, but it was becoming a mess, because it would use the idHTTPserver.pas from old version, yet idCustomHTTPserver.pas (this is what happens after i follow the uses of idHTTPserver.pas file) from new version...

To use a different Indy version in one project, set the project search path to Indy\Lib\Core, \Protocols and \System, and instantiate all components in code.
This also has the advantage that you can avoid the uninstall / install steps to switch between different Indy 10 versions.

While this is not the direct answer to my own question in title, this did solve my problem.
I followed the function HTTPserver.WriteContent which led into idHTTPServer.pas, then compared idHTTPServer.pas files of Indy9 and Indy10, the parts about encoding in Indy10 caught my attention.
At line 2039 i have removed the second argument of the write function
FConnection.IOHandler.Write(ContentText, CharsetToEncoding(CharSet));
replaced with
FConnection.IOHandler.Write(ContentText);
This solved my problem. Everything works fine now.
The main problem here was, as commenters have noticed, the extra " symbols.
I was quite stupid because i clicked the link in the firefox console and it opened the javascript file which was of wrong version and for some reason i thought this was what it was supposed to be. Only a bit later i decided to check the actual file on my PC and it turned out that "C"" was not even C, the actual text is this
var b=["À","à","Á","á","Â","â","Ã","ã","Ä","ä","Å","å","Ă","ă","Ą","ą","Ć","ć","Č","č","Ç","ç","Ď","ď","Đ","đ","È","è","É","é","Ê","ê","Ë","ë","Ě","ě","Ę","ę","Ğ","ğ","Ì","ì","Í","í","Î","î","Ï","ï","Ĺ","ĺ","Ľ","ľ","Ł","ł","Ñ","ñ","Ň","ň","Ń","ń","Ò","ò","Ó","ó","Ô","ô","Õ","õ","Ö","ö","Ø","ø","ő","Ř","ř","Ŕ","ŕ","Š","š","Ş","ş","Ś","ś","Ť","ť","Ť","ť","Ţ","ţ","Ù","ù","Ú","ú","Û","û","Ü","ü","Ů","ů","Ÿ","ÿ","ý","Ý","Ž","ž","Ź","ź","Ż","ż","Þ","þ","Ð","ð","ß","Œ","œ","Æ","æ","µ"];
So, i was right. When the whole text goes through CharsetToEncoding, it translates all these single symbol characters into 2 symbols.
I will not accept my own answer as it doesnt really answer the title question and i would love to know if its possible to use a single component of older version while the rest are newer.

Delphi Indy: cannot load SSL libraries first time. A retry works

I'm using the latest indy snapshot (installed yesterday) and newest SSL libraries.
When trying to send a mail using idSMTP, the first time the component connects, I get an exception:
Could't load the SSL libraries
. Funny thing is, a retry works always. Debugging I found that the problem is in IsSSLOpenSSLHeader, function Loaad: boolean, line
#OpenSSL_add_all_algorithms := LoadFunctionCLib('OpenSSL_add_all_algorithms');
Why does it fail the first time and not the second is still a mystery to me, but before I go on investigating I would like to as if anybody knows the solution to this problem.

The code you are using is NOT the latest snapshot. That bug was fixed a couple of weeks ago. The line you quote is NOT in the latest code, it has been replaced with the following:
fn_OPENSSL_add_all_algorithms_noconf = 'OPENSSL_add_all_algorithms_noconf';
fn_OpenSSL_add_all_algorithms = 'OpenSSL_add_all_algorithms';
#OpenSSL_add_all_algorithms := LoadOldCLib(fn_OpenSSL_add_all_algorithms, fn_OPENSSL_add_all_algorithms_noconf);

I'm using Delphi XE-1 on Win 7/64, with the SSL and Indy that are installed by default. This week I had to do some work with SMTP and SSL, and I ran into the same problem you reported. Our application is somewhat complex and is already live and deployed in several locations and it uses Indy at several points in the code, so installing a newer version of Indy and rebuilding etc, was not very palatable.
Since the problem only arises on the first pass, I traced through some of the code and came up with this simple, painless workaround:
smtpClient.connect;
smtpClient.disconnect;
smtpClient.connect;
if not smtpClient.Authenticate then
raise ...
smtpClient.Send(msg);
Once you call connnect and then disconnect, the SSL libraries are loaded, so on your second call to connect you're good to go.
Works fine.