Maxxed

TLS v1.3

I need TLS v1.3 support in my Delphi 2007 application which uses Indy 10.6.2.5520. I found this solution:

https://github.com/IndySockets/Indy/pull/299

Everything compiled fine, but I get the following run-time error: "error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed". I believe I need different DLLs. The version I was able to find is "openssl-1.1.1o-win32". Where can I get the DLLs that work with the above-mentioned solution?

Or maybe there is built-in support for TLS v1.3 in Indy already?

Nope, that pull request is still pending, just read:

"error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed"

The last part is the interesting part; it contains the error message. By default, certificate verification is active.

You have two possibilities:

1.) Just ignore the verification and accept every certificate, even if it is a malicious one from an attacker...

MyIOHandler.Options.VerifyCertificate := False;

2.) Let OpenSSL handle certificate verification

LMyIOHandler.Options.VerifyCertDirectory := 'C:\Path\To\Certificates';
{ OR USE THIS ALTERNATIVE }
LMyIOHandler.Options.CertFile := 'C:\Path\To\MyCertificates.pem';

3.) Implement the certificate verification on your own

procedure HandleMyCertificateVerification(Sender: TObject;
    const x509: TIdOpenSSLX509;
    const VerifyResult: Integer;
    const Depth: Integer;
    var Accepted: Boolean);
begin
  Accepted := DoMyVerification(x509);
end;


LMyIOHandler.Options.OnVerify := HandleMyCertificateVerification;

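
What option 2 gives you that option 1 does not, shown with the `openssl` command-line tool (1.1.0 or later) rather than Indy. This is an added example, not code from this thread or from the Indy pull request, and the CA, host name and file names are constructed for the demo. A server certificate is rejected when no trust anchor is loaded, which is one common cause of "certificate verify failed"; it is accepted once the issuing CA's PEM file is supplied, and a self-signed impostor with the same name is still rejected.

```shell
# Build a throwaway PKI in directory $1 (all names constructed): a private CA,
# a server certificate signed by it, and a self-signed impostor with the same CN.
make_pki() {
    d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
        -subj "/CN=server.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -days 1 -CA "$d/ca.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/server.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
        -subj "/CN=server.example.test" \
        -keyout "$d/rogue.key" -out "$d/rogue.pem" 2>/dev/null
}

# chain_ok TRUSTFILE CERT: exit status 0 when CERT chains to a CA in TRUSTFILE.
# An empty TRUSTFILE means "no trust anchors configured at all".
chain_ok() {
    if [ -n "$1" ]; then
        openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CAfile -no-CApath "$2" >/dev/null 2>&1
    fi
}

report() {  # $1 = label, $2 = trust file, $3 = certificate
    if chain_ok "$2" "$3"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"
report "server cert, no trust anchors" "" "$work/server.pem"
report "server cert, CA file loaded  " "$work/ca.pem" "$work/server.pem"
report "impostor,    CA file loaded  " "$work/ca.pem" "$work/rogue.pem"
```

With verification switched off, all three cases would be accepted, including the impostor.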

Thank you very much Mezen! Turning off the certificate verification actually helped! It still needs testing but for now I can finally access websites via TLS v1.3 with Indy!

Hello Mezen. What do I do with this error message:

error:141E3152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled

I already tried setting AllowUnsafeLegacyRenegotiation to True. It doesn't help.