Fuandi

Indy http error:1408F10B:SSL3_GET_RECORD:wrong version number

Is anyone able to help ?

I'm trying to call an API with the code snippet below, but I got error:1408F10B:SSL3_GET_RECORD:wrong version number

I'm using Indy version 10.6.2.5298 with Delphi Seattle. I also downloaded libeay32.dll and ssleay32.dll (I forgot which version) and put them in the same folder as the exe.

 

procedure TForm1.Button1Click(Sender: TObject);
var
  xRequestBody: TStringList;
begin
  IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));

  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyMode := [];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyDepth := 0;

  IdSSLIOHandlerSocketOpenSSL1.sslOptions.Method := sslvSSLv3;
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvSSLv3];

  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyMode := [];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyDepth := 0;

  IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;

  objHTTP.handleredirects := True;
  objHTTP.Request.UserAgent := 'Mozilla/3.0 (compatible)';


  with objHTTP.Request do
  begin
    Clear;
    ContentType := 'application/x-www-form-urlencoded';
    BasicAuthentication := True;
    UserName := 'test';
    Password := 'test';
  end;

  xRequestBody := TStringList.Create;
  try
    xRequestBody.Add('grant_type=' + 'client_credentials');

    try
      memo1.Text := objHTTP.Post('https://something', xRequestBody);
    except
      on E: Exception do
        ShowMessage('Error on request: ' + #13#10 + e.Message);
    end;
  finally
    xRequestBody.Free;
  end;
end;
 


Why are you using sslvSSLv3?  Nobody uses SSL v3.0 anymore, as it is no longer secure.  You should be using TLS v1.0 at a minimum, preferably TLS v1.1 and/or TLS v1.2 instead.

 

Get rid of this line completely, as you should not be using the SSLOptions.Method property at all:

IdSSLIOHandlerSocketOpenSSL1.sslOptions.Method := sslvSSLv3;

And then change this line:

IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvSSLv3]; 

To this instead:

IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; 

Also, remove this line completely as well, as TIdHTTP will handle this property for you automatically based on whether it is requesting an HTTP or HTTPS url:

IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;

 

Edited by Remy Lebeau


Hi Remy,

Thanks for the suggestion. Now I'm getting this error

raised exception class EidOSSLUnderlyingCryptoError with message 'Error connectiong with SSL. error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

 

17 hours ago, Fuandi said:

Thanks for the suggestion. Now I'm getting this error

raised exception class EidOSSLUnderlyingCryptoError with message 'Error connectiong with SSL. error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

That usually means you are trying to perform an SSL/TLS handshake on a non-SSL/TLS port.  Did you remove the assignment of the PassThrough property, like I suggested?  You should be letting TIdHTTP handle that property, do not touch it manually for HTTP at all.  Can you show your updated code?

Edited by Remy Lebeau


 

Yes, I already removed it. Below is my code.

 

procedure TForm1.Button1Click(Sender: TObject);
var
  xRequestBody: TStringList;
begin
  IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));

  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyMode := [];
  IdSSLIOHandlerSocketOpenSSL1.sslOptions.VerifyDepth := 0;

  IdSSLIOHandlerSocketOpenSSL1.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];

  objHTTP.handleredirects := True;
  with objHTTP.Request do
  begin
    Clear;
    UserAgent := 'Mozilla/3.0 (compatible)';
    ContentType := 'application/x-www-form-urlencoded';
    BasicAuthentication := True;
    UserName := 'hello';
    Password := 'world';
  end;

  xRequestBody := TStringList.Create;
  try
    xRequestBody.Add('grant_type=' + 'client_credentials');

    try
      memo1.Text := objHTTP.Post('https://something', xRequestBody);
    except
      on E: Exception do
        ShowMessage('Error on request: ' + #13#10 + e.Message);
    end;
  finally
    xRequestBody.Free;
  end;
end;
 

16 hours ago, Fuandi said:

  IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));

Just an FYI, you should not be calling IdOpenSSLSetLibPath() on every HTTP request.  It should be called only once, preferably at program startup.  Indy does not load and unload OpenSSL on every request.  It loads OpenSSL once and leaves it loaded for multiple requests to use.

16 hours ago, Fuandi said:

memo1.Text := objHTTP.Post('https://something', xRequestBody);

Off-hand, I don't see anything else wrong with your code.  So the problem has to be something else preventing the HTTPS session from being established properly.  Are you sure you are posting your HTTPS request to the correct URL to begin with?  It sounds like maybe that URL is not actually using HTTPS despite starting with "https://".  You can verify that with a packet sniffer, like Wireshark, to look at the actual hello packets of the SSL/TLS handshake.  Most likely, you will see the IOHandler receiving something other than an SSL/TLS ServerHello packet, which would account for the "unknown protocol" error.

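Added example, not part of any post in this thread: a small Python classifier for the first bytes a server sends back after the ClientHello, which is the check the reply above suggests doing with Wireshark. The function name `classify_first_bytes` and all sample byte strings are constructed for illustration; substitute the bytes from your own capture.

```python
import struct

# Record-layer constants from the TLS specifications (RFC 5246, RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 80: "internal_error"}


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a server returned after the client's ClientHello."""
    if len(data) < 5:
        return {"kind": "too_short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # A TLS record starts with a known content type, a 3.x version and a
    # plaintext length of at most 2^14 bytes. Anything else is not TLS.
    if ctype in CONTENT_TYPES and (major, minor) in VERSIONS and length <= 2**14:
        result = {"kind": "tls_record", "content_type": CONTENT_TYPES[ctype],
                  "record_version": VERSIONS[(major, minor)]}
        body = data[5:]
        if ctype == 22 and len(body) >= 6 and body[0] == 2:
            result["handshake"] = "server_hello"
            # Bytes 4-5 of the handshake message are the version field; a TLS 1.3
            # server also writes 0x0303 here and signals 1.3 in an extension.
            result["hello_version"] = VERSIONS.get((body[4], body[5]), "unknown")
        elif ctype == 21 and len(body) >= 2:
            level = "fatal" if body[0] == 2 else "warning"
            result["alert"] = (level, ALERTS.get(body[1], str(body[1])))
        return result
    if data.startswith(b"HTTP/"):
        # A plain-HTTP listener answering the ClientHello as a malformed request.
        status = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"kind": "plain_http", "status_line": status}
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data[:16]):
        return {"kind": "plaintext", "preview": data[:40].decode("ascii", "replace")}
    return {"kind": "unknown_binary"}


# Constructed samples (not captured from any real server).
SERVER_HELLO = bytes.fromhex("160303002a" "02000026" "0303") + bytes(32)
FATAL_ALERT = bytes.fromhex("15030100020246")  # fatal, protocol_version
PLAIN_HTTP = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("server_hello", SERVER_HELLO), ("alert", FATAL_ALERT),
                         ("plain_http", PLAIN_HTTP)]:
        print(name, classify_first_bytes(sample))
```

A `tls_record` result carrying a ServerHello means the port speaks TLS and the problem lies in version or cipher negotiation; `plain_http` or `plaintext` means the listener on that port is not speaking TLS at all.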

Hi Remy,

I tried with my other PC using Delphi Berlin with Indy 10.6.2.5341, and it works with no error at all.

I guess Indy version 10.6.2.5298 has a bug or something is wrong.

Thanks for the help and explanation so far.

 
