Indy TIdhttp.Get未加载正确版本的SSL

Question

I am trying to make an interface to FreshDesk API

Here is my source code for the call:

procedure TForm1.Button1Click(Sender: TObject);
var
  IdSSLIOHandlerSocket1: TIdSSLIOHandlerSocketOpenSSL;
  idhttp:  TIdHttp;
begin
  idhttp := TIdHttp.Create(self);
  idhttp.Request.ContentType := 'application/json';
  IdHTTP.Request.BasicAuthentication:= True;
  IdHTTP.Request.Username := 'marks@mytestcompany.com';
  IdHTTP.Request.Password := 'XYZ';
  idhttp.Request.Connection:='keep-alive';
  IdSSLIOHandlerSocket1 := TIdSSLIOHandlerSocketOpenSSL.create(nil);
  with IdSSLIOHandlerSocket1 do begin
    SSLOptions.Method := sslvTLSv1_2;
    SSLOptions.SSLVersions := [sslvTLSv1_2];
    SSLOptions.VerifyMode := [];
    SSLOptions.VerifyDepth := 2;
  end;
  idhttp.IOHandler := IdSSLIOHandlerSocket1;
  idhttp.Request.Accept := '*/*';

  idhttp.HandleRedirects := True;
  if usefiddler.checked then begin
    idhttp.ProxyParams.ProxyServer := '127.0.0.1';
    idhttp.ProxyParams.ProxyPort := 8888 ;
  end;
  showMessage(idhttp.get('https://mytestcompany.freshdesk.com/api/v2/contacts'));
end;

When I run using Fiddler it shows it is using Version: 3.1 (TLS/1.0) :

Here is successful curl call (it seems to be using Version: 3.3 (TLS/1.2) :

curl -v -u marks@mytestcompnay:XYZ -H "Content-Type: application/json" -X GET "https://mytestcompany.freshdesk.com/api/v2/contacts"

Here is Fiddler results when using curl:

Is my problem that I am using the wrong version of TLS?

Answer 1

You are using an outdated version of OpenSSL.

Per comments, you say that you are using OpenSSL 1.0.0q. That version is several years old and does not support TLS v1.2 (which was added to OpenSSL in 1.0.1, which is still an old version). Indy silently falls back to TLS v1.0 when it cannot use TLS v1.1 or v1.2.

You need to update your OpenSSL. The latest version of OpenSSL that Indy currently supports is 1.0.2.