Fuandi 0 Posted June 6, 2020

Is anyone able to help? I'm trying to call an API with the code snippet below, but I got error:1408F10B:SSL3_GET_RECORD:wrong version number

I'm using Indy version 10.6.2.5298 with Delphi Seattle. I also downloaded libeay32.dll and ssleay32.dll (I forgot which version) and put them in the same folder as the exe.

```delphi
procedure TForm1.Button1Click(Sender: TObject);
var
  xRequestBody: TStringList;
begin
  IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyMode := [];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyDepth := 0;
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.Method := sslvSSLv3;
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvSSLv3];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyMode := [];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyDepth := 0;
  IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;
  objHTTP.handleredirects := True;
  objHTTP.Request.UserAgent := 'Mozilla/3.0 (compatible)';
  with objHTTP.Request do
  begin
    Clear;
    ContentType := 'application/x-www-form-urlencoded';
    BasicAuthentication := True;
    UserName := 'test';
    Password := 'test';
  end;
  xRequestBody := TStringList.Create;
  try
    xRequestBody.Add('grant_type=' + 'client_credentials');
    try
      memo1.Text := objHTTP.Post('https://something', xRequestBody);
    except
      on E: Exception do
        ShowMessage('Error on request: ' + #13#10 + e.Message);
    end;
  finally
    xRequestBody.Free;
  end;
end;
```

Remy Lebeau 1394 Posted June 8, 2020 (edited)

Why are you using sslvSSLv3? Nobody uses SSL v3.0 anymore, as it is no longer secure. You should be using TLS v1.0 at a minimum, preferably TLS v1.1 and/or TLS v1.2 instead.

Get rid of this line completely, as you should not be using the SSLOptions.Method property at all:

```delphi
IdSSLIOHandlerSocketOpenSSL1.sslOptions.Method := sslvSSLv3;
```

And then change this line:

```delphi
IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvSSLv3];
```

To this instead:

```delphi
IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
```

Also, remove this line completely as well, as TIdHTTP will handle this property for you automatically based on whether it is requesting an HTTP or HTTPS url:

```delphi
IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;
```

Edited June 8, 2020 by Remy Lebeau

Fuandi 0 Posted June 9, 2020

Hi Remy,

Thanks for the suggestion. Now I am getting this error:

raised exception class EidOSSLUnderlyingCryptoError with message 'Error connecting with SSL. error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol'

Remy Lebeau 1394 Posted June 9, 2020 (edited)

17 hours ago, Fuandi said:

> Thanks for the suggestion. Now I am getting this error:
>
> raised exception class EidOSSLUnderlyingCryptoError with message 'Error connecting with SSL. error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol'

That usually means you are trying to perform an SSL/TLS handshake on a non-SSL/TLS port.

Did you remove the assignment of the PassThrough property, like I suggested? You should be letting TIdHTTP handle that property, do not touch it manually for HTTP at all.

Can you show your updated code?

Edited June 9, 2020 by Remy Lebeau

Fuandi 0 Posted June 10, 2020

Yes, I already removed it. Below is my code.

```delphi
procedure TForm1.Button1Click(Sender: TObject);
var
  xRequestBody: TStringList;
begin
  IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyMode := [];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyDepth := 0;
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
  objHTTP.handleredirects := True;
  with objHTTP.Request do
  begin
    Clear;
    UserAgent := 'Mozilla/3.0 (compatible)';
    ContentType := 'application/x-www-form-urlencoded';
    BasicAuthentication := True;
    UserName := 'hello';
    Password := 'world';
  end;
  xRequestBody := TStringList.Create;
  try
    xRequestBody.Add('grant_type=' + 'client_credentials');
    try
      memo1.Text := objHTTP.Post('https://something', xRequestBody);
    except
      on E: Exception do
        ShowMessage('Error on request: ' + #13#10 + e.Message);
    end;
  finally
    xRequestBody.Free;
  end;
end;
```

Remy Lebeau 1394 Posted June 10, 2020

16 hours ago, Fuandi said:

> IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));

Just an FYI, you should not be calling IdOpenSSLSetLibPath() on every HTTP request. It should be called only once, preferably at program startup. Indy does not load and unload OpenSSL on every request. It loads OpenSSL once and leaves it loaded for multiple requests to use.

16 hours ago, Fuandi said:

> memo1.Text := objHTTP.Post('https://something', xRequestBody);

Off-hand, I don't see anything else wrong with your code. So the problem has to be something else preventing the HTTPS session from being established properly.

Are you sure you are posting your HTTPS request to the correct URL to begin with? It sounds like maybe that URL is not actually using HTTPS despite starting with "https://". You can verify that with a packet sniffer, like Wireshark, to look at the actual hello packets of the SSL/TLS handshake. Most likely, you will see the IOHandler receiving something other than an SSL/TLS ServerHello packet, which would account for the "unknown protocol" error.

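The capture check suggested in the reply above can also be done on the raw bytes. This is an added example, not code from the thread or from Indy: it classifies the first bytes a server sends after the ClientHello (for instance copied from Wireshark as a hex stream) as a TLS ServerHello, a TLS alert, or a non-TLS reply. The function names and sample byte strings are constructed for illustration.

```python
import struct

# TLS record-layer content types and the protocol versions seen in record headers.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 112: "unrecognized_name"}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes received from the server after the ClientHello."""
    if not data:
        return "no reply: connection closed before the server sent anything"
    if len(data) < 5:
        return "not TLS: reply shorter than a 5-byte record header"
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if ctype not in CONTENT_TYPES or version not in VERSIONS:
        head = data[:16]
        # Printable ASCII means a plaintext service (HTTP, a banner, a proxy
        # error page) answered on the port the client treated as TLS.
        if all(32 <= b < 127 or b in b"\r\n\t" for b in head):
            return "not TLS: plaintext reply starting " + repr(head.decode("ascii"))
        return "not TLS: unrecognised binary reply"
    body = data[5:5 + length]
    if ctype == 21 and len(body) >= 2:
        level = "fatal" if body[0] == 2 else "warning"
        return f"TLS alert: {level} {ALERTS.get(body[1], body[1])}"
    if ctype == 22 and len(body) >= 6 and body[0] == 2:
        # Handshake type 2 = ServerHello; bytes 4..5 hold server_version.
        # A TLS 1.3 server also reports TLS 1.2 here and puts the real
        # version in an extension, which this sketch does not parse.
        chosen = struct.unpack("!H", body[4:6])[0]
        return f"TLS ServerHello: server_version {VERSIONS.get(chosen, hex(chosen))}"
    return f"TLS record: {CONTENT_TYPES[ctype]} ({VERSIONS[version]})"


def classify_hex(hex_stream: str) -> str:
    """Same check for a hex stream copied out of a packet capture."""
    return classify_first_bytes(bytes.fromhex(hex_stream))


if __name__ == "__main__":
    # Constructed samples, not taken from a real capture.
    print(classify_hex("16 03 03 00 06 02 00 00 02 03 03"))
    print(classify_first_bytes(b"HTTP/1.1 400 Bad Request\r\n\r\n"))
    print(classify_first_bytes(b"\x15\x03\x01\x00\x02\x02\x46"))
```
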
Fuandi 0 Posted June 11, 2020

Hi Remy,

I tried with my other PC using Delphi Berlin with Indy 10.6.2.5341, and it works with no error at all. I guess Indy version 10.6.2.5298 has a bug or something wrong.

Thanks for the help and explanation so far.