Jump to content

DelphiUdIT

Members
  • Content Count

    771
  • Joined

  • Last visited

  • Days Won

    17

DelphiUdIT last won the day on May 21

DelphiUdIT had the most liked content!

Community Reputation

244 Excellent

2 Followers

Technical Information

  • Delphi-Version
    Delphi 12 Athens

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Embarcadero generally maintains good compatibility on its products, but obviously when talking about a product that is at least 16 years old, it may be that some manual changes are made. Then there is the third-party libraries to think about.... Further info: for the COMMUNITY license, C++ and DELPHI cannot coexist.
  2. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    Actually thare is something wrong with this (test on Intel platform, Win11 physical machine, Win 7.1 on VirtualBox VM): 1) Same DLL x64 (SSL 1.0.2u), Indy bundle (Rad 12.3), Win 11 works with the host indicated by @Del Murray with or without Chiperlist. 2) Same DLL x64 (SSL 1.0.2u) and exe, Indy bundle (Rad 12.3), Win 7.1 (VM) works with the host indicated by @Del Murray ONLY with explicity set of Chiperlist. This can only be explained if by default the host (server) requested one or more "ciphers" not available in Windows 7 other than those in the ChiperList (because otherwise it could use one of those even if they are not explicit). But running the test via SSLLabs you see that the server's preferential request (for TLSv1_2) corresponds to the indicated CipherList. So there is something in the operating system that introduces an unmanaged variant (for example in Windows 7 Indy or SSL they use the CLIENT's Chiper preference by default while in Windows 11 the Server's preference is used). And if the client does not have a preference list, what does it propose? When I have a moment I will do some tests on this. For me is not a problem because since I used TLS, I always insert ChiprList (in fact I have several applications that run with TLSv1_2 in Windows 7 in an industrial environment).
  3. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    Uhmm, this is a topic about your error and they solve using the update version of Indy and Delphi (from Seattle to Berlin) : https://en.delphipraxis.net/topic/2950-indy-http-error1408f10bssl3_get_recordwrong-version-number/ I don't know if is the same trouble ... EDIT, try this old thing: set the PassThrough of SSLIOHandler to false. After setting the ChiperList inserto this line: IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;
  4. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    It doesn't work with Windows 7 in a VM. OpenSSL 1.0.2u X64. Rad Studio 12.3. Indy Bundle. UPDATE: It works if the chiperlist is in use ...
  5. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    I think the SSL3 is only an symbol to identify the security protocol SSL in general way, not really about SSL3 protocol. But really I don't know way the client doesn't respond to TLS ... I try with a VM ,,, stay tuned ...
  6. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    Webbroker should use only the communication channel, doesn't mind what is the crypto protocol used and how is used, That is how the stack should works, So, if you set the SSLIOHandler correctly all should work.
  7. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    I tried now (like I tried Tuesday) with the host that you gave us, and it works for me. And I tried with and without set the Chiperlist: since the host use TLSv1_2 and TLSV1_3 and as the A+ evaluation you don't need to setup a ChiperList. Normally the connection between Client and Server use the chiper choose by server and setup a ChiperList in your client is for your security. The ChiperList between server and client must match at least one element. To try I simply put an TIdHTTP and an SSLIO Handler and setup only two properties on IDHTTP1 (HandleRedirects and IOHandler), and one on SSLIOHandler (Methods->sslvTLSv1_2 in SSLOptions): Try to do a GET from HTTP like this: If you don't have any errors, it is OK.
  8. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    This is the Indy binaries repo for SSL, the bundle version of Indy ('till now) works with 1.0.2.u : https://github.com/IndySockets/OpenSSL-Binaries
  9. DelphiUdIT

    TLS Issues and TLS3 message comming from Iindy

    May be, the ChiperList list should be construct like this: CipherList := '!EXPORT:!LOW:!aNULL:!eNULL:!RC4:!ADK:!3DES:!DES:!MD5:!PSK:!SRP:!CAMELLIA'+ ':ECDHE-RSA-AES128-GCM-SHA256'+ ':ECDHE-RSA-AES256-GCM-SHA384'+ ':ECDHE-RSA-CHACHA20-POLY1305'+ ':ECDHE-ARIA256-GCM-SHA384'+ ':ECDHE-ARIA128-GCM-SHA256'+ //Weak ma good with old prducts ':ECDHE-RSA-AES256-SHA384'; And take care that scanning the site you indicate, there is a mandatory support to SNI. I don't think if Indy support SNI. EDIT: with Indy Bundle (Delphi 12.3) and TLSv1_2 (OpenSSL ver. 1.0.2u) X64 is working the connection with that host.
  10. DelphiUdIT

    Define conditional symbol in .dpr

    I'm aware of this, and this may be logical, but in the past I had to do 2 (TWO) times COMPLET REBUILD. It didn't work with just one. ... but not always, only sometimes. I know that because I allocate manually the "console" depending of that symbol and without this the I/O error will be produced if some "writeln" is executed (confirmed also by debugging).
  11. DelphiUdIT

    Define conditional symbol in .dpr

    In the past time (surely prior 12.x) I was used to do this, but I stopped 'cause many times the change of the "symbol" define seems that not apply to all units where the symbol was used. It was like if some untis were not compiled. I used the "DEEP_DEBUG" symbol to do a "writeln" for debugging, but sometimes i delete it and the "writeln" was executed the same. I had to compile almost two times the project to make a real change. I have never looked into the problem in depth, because when you have it you are usually already busy up to your neck. So I changed the habit of using the definition in the project options. And when I compile packages (i.e. libraries) ... I always recompile them TWICE. I don't know if this anomaly exists in the current version, but I don't even want to try it.
  12. DelphiUdIT

    Define conditional symbol in .dpr

    Like you told, If you want to define global "symbols" you must insert them in the Project Options / Delphi Compiler / Conditional Defines: You can define it in .DPR like in any other unit, but it is only valid inside that unit. And there should be no errors. May be your line (I think is about a new unit in the uses clause) is inserted in a bad place (like if the previous line has already a ';' terminator) or should be terminated with a ',' ...
  13. DelphiUdIT

    Bugs on WINMD, who can clarify ?

    Thanks, I have to check if something is wrong ... even if apparently everything is working (but I don't use the reported units ... at least ...) . P.S.: I had already changed the reference from "Win32Api" to "WinApi.Windows" in the WINMD units I use and deleted the Win32Api unit .... maybe that's why I never had problems. The alternative might be better ... @himitsu, yes the word "oggi" means "today". That is the screenshoot from the QP in my language.
×