Aztec 0 Posted September 28, 2023

Hi All

I am trying to send email using Indy on our server. We currently run Ubuntu 22.04, Delphi is 11.3 with the Indy that comes with it.

However, when we try to send email we get the following error:

[ EIdTLSClientTLSHandShakeFailed ] SSL negotiation failed

The code looks like this:

    SMTPServer := TIdSMTP.Create;
    SSL := TIdSSLIOHandlerSocketOpenSSL.create(nil);
    SSL.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
    SSL.SSLOptions.Mode := sslmClient;
    SSL.SSLOptions.VerifyMode := [];
    SSL.SSLOptions.VerifyDepth := 0;
    SMTPServer.Host := OutgoingServer;
    SMTPServer.Port := SMTPPort;
    SMTPServer.Username := Username;
    SMTPServer.Password := Password;
    SMTPServer.IOHandler := SSL;
    SMTPServer.UseEhlo := True;
    SMTPServer.UseTLS := utUseExplicitTLS;

The parameters I am assigning are correct.

Not quite sure where to go from here, so any help would be appreciated.

Thanks!
DelphiUdIT 162 Posted September 28, 2023 (edited)

Maybe you can try with:

    // I think these two lines resolve your problems
    SSL.SSLOptions.Mode := sslmUnassigned;
    SMTPServer.UseTLS := utUseImplicitTLS;
    // look also for SSL.Port setting like 465

    SMTPServer.AuthType := satDefault;
    SMTPServer.ValidateAuthLoginCapability := True;
    SMTPServer.Connect;
    SMTPServer.Authenticate;
    if SMTPServer.DidAuthenticate then
    begin
      // Make message
      SmtpServer.Send(message);
    end;

If you search in the Forum there are other discussions about that.

Bye

Edited September 28, 2023 by DelphiUdIT
Remy Lebeau 1376 Posted September 28, 2023 (edited)

10 hours ago, Aztec said:
> However when we try and send email we get the following error [ EIdTLSClientTLSHandShakeFailed ] SSL negotiation failed

EIdTLSClientTLSHandShakeFailed is an outer exception raised when an earlier exception is caught during the TLS handshake. What does its InnerException say was the initial error?

10 hours ago, Aztec said:
> the parameters I am assigning are correct

What are the actual values you are using? In particular, which Port are you TRYING to connect to, and which Port is it ACTUALLY connecting to?

I notice that you are assigning the Port first, then assigning the IOHandler and UseTLS after. Depending on the particular Port value, the UseTLS setter MIGHT be changing the Port to a different value. Try setting the Port after setting UseTLS, to make sure you are actually using the Port you are expecting.

Aside from that, does the server in question still support TLS 1.1/1.2? Some servers have made the jump to requiring TLS 1.3 nowadays.

Edited September 28, 2023 by Remy Lebeau
Aztec 0 Posted September 29, 2023

Hi

The actual inner error is General Exception: Could not load SSL library.

I did a search in here and it seems that everyone is talking about Windows, but could not find anything related to Linux.

I am using Virtualmin on Ubuntu 22.04. In Virtualmin, the mail server is Postfix. The SMTP port is 465, and is being set correctly.

Looking in the configs, it does seem that the various SSL versions can be allowed or rejected (see screenshot). I have allowed them all for now, but that makes no difference.

Also attaching the config of the Postfix - maybe something in there will show something?

Thanks for your help!!
Remy Lebeau 1376 Posted September 29, 2023 (edited)

34 minutes ago, Aztec said:
> The actual inner error is General Exception: Could not load SSL library.

Hmm, that should say EIdOSSLCouldNotLoadSSLLibrary instead of General Exception. But at least the root cause is now known.

> I did a search in here and it seems that everyone is talking about Windows, but could not find anything related to Linux.

Indy dynamically loads OpenSSL at runtime on most platforms, including Linux. You are seeing the error when Indy is not able to load OpenSSL at runtime.

> Looking in the configs, it does seem that the various SSL versions can be allowed or rejected (See screen shot). I have allowed them all for now, but that makes no difference.

In one of those screens, I see libssl.so.3 and libcrypto.so.3 shown. Those are the OpenSSL libs, but are they for OpenSSL v3.0? If so, that version is not compatible with TIdSSLIOHandlerSocketOpenSSL.

By default, Indy loads unversioned .so files before loading versioned files. If those unversioned files are symlinks that map to newer versions, you could get the load error. On 'Nix platforms, Indy has IdOpenSSLSetCanLoadSymLinks() and IdOpenSSLSetLoadSymLinksFirst() functions in the IdSSLOpenSSLHeaders unit. You can set them to False at runtime before using Indy, that way it loads the versioned .so files first/only, and then you can deploy OpenSSL v1.0.2 .so files with your app that are currently compatible with Indy.

If that is not an option, then you can try this WIP SSLIOHandler for newer OpenSSL versions (not sure if it supports v3.0 or Linux, though) instead of TIdSSLIOHandlerSocketOpenSSL.

In any case, one way to handle this error condition a little better in TIdSSLIOHandlerSocketOpenSSL is to call Indy's LoadOpenSSLLibrary() function from the IdSSLOpenSSL unit during your app's startup. If it fails, you can use Indy's WhichFailedToLoad() function from the IdSSLOpenSSLHeaders unit to help diagnose why it failed.

Edited September 29, 2023 by Remy Lebeau
Aztec 0 Posted September 29, 2023

OK, cool. I will try that.

Where can I find those .so files though? Does this require an installation on Linux or can I simply place them in the same location as my module?

Will Indy support the latest SSL lib in Delphi 12?

Cheers
Remy Lebeau 1376 Posted September 29, 2023 (edited)

24 minutes ago, Aztec said:
> Where can I find those .so files though?

There are some at https://github.com/IndySockets/OpenSSL-Binaries, though those might be for Android not Linux (though Android runs on top of Linux). Otherwise you'll have to look around.

> Does this require an installation on linux or can I simply place them in the same location as my module?

You can simply put them in your app's folder, or anywhere else you want. If needed, Indy has an IdOpenSSLSetLibPath() function in the IdSSLOpenSSLHeaders unit.

> Will indy support the latest SSLlib in Delphi 12?

I don't know at this time. I have discussed this matter with Marco Cantu and others, so they are certainly interested in a resolution, and are aware of the PR on GitHub. They are likely going to ship an up-to-date version of Indy's main code with Delphi 12 (see disclaimer below!), but whether they include the PR code in some form is unclear at this time. It is a pretty big PR, and is not incorporated into the main code. I suggested maybe putting the PR code into a new package. Marco suggested maybe providing it as an optional add-on via GetIt, but that is something they would have to set up on their end, if at all.

Disclaimer: This blog post is based on a pre-release version of the RAD Studio software and it has been written with specific permission by Embarcadero. No feature is committed until the product GA release.

Edited September 29, 2023 by Remy Lebeau
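A startup check that combines the steps suggested in the replies above, as an added example (not code posted in the thread or taken from Indy itself): it points Indy at a folder of versioned OpenSSL 1.0.2 libraries, disables symlink loading, reports which library failed to load, and sets the Port after UseTLS. The folder /opt/myapp/openssl, the host mail.example.com, the program name and the choice of TLS 1.2 only are assumptions.

```pascal
program SmtpOpenSSLCheck; // hypothetical program name

uses
  System.SysUtils, IdSMTP, IdExplicitTLSClientServerBase,
  IdSSLOpenSSL, IdSSLOpenSSLHeaders;

const
  OpenSSLDir = '/opt/myapp/openssl'; // assumption: holds versioned OpenSSL 1.0.2 .so files

procedure InitOpenSSL;
begin
  IdOpenSSLSetLibPath(OpenSSLDir);
  {$IFDEF UNIX}
  // Skip unversioned symlinks (libssl.so), which may map to a newer OpenSSL.
  IdOpenSSLSetCanLoadSymLinks(False);
  IdOpenSSLSetLoadSymLinksFirst(False);
  {$ENDIF}
  // Load now so a failure surfaces at startup, not inside a TLS handshake.
  if not LoadOpenSSLLibrary then
    raise Exception.Create('OpenSSL load failed: ' + WhichFailedToLoad);
  Writeln('Loaded: ', OpenSSLVersion);
end;

procedure CheckSmtp(const AHost: string);
var
  SMTP: TIdSMTP;
  SSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  SMTP := TIdSMTP.Create(nil);
  try
    SSL := TIdSSLIOHandlerSocketOpenSSL.Create(SMTP); // owned and freed by SMTP
    SSL.SSLOptions.Mode := sslmClient;
    SSL.SSLOptions.SSLVersions := [sslvTLSv1_2]; // assumes the server accepts TLS 1.2
    SMTP.IOHandler := SSL;
    SMTP.Host := AHost;
    SMTP.UseTLS := utUseImplicitTLS; // port 465 expects TLS from the first byte
    SMTP.Port := 465;                // set after UseTLS, whose setter may change Port
    SMTP.Connect;                    // raises if the TLS handshake fails
    SMTP.Disconnect;
  finally
    SMTP.Free;
  end;
end;

begin
  try
    InitOpenSSL;
    CheckSmtp('mail.example.com'); // placeholder host
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
```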
Aztec 0 Posted September 29, 2023

OK, great. Thanks for your prompt replies. I will try this and see how I get on.

Cheers