Indy10 with Delphi-7 can't download some SSL pages, even with May 2019 DLLs
Question
I'm working on an old Delphi 7 app that uses Indy 10 to download websites. I'm having difficulty with some, not all, SSL pages.
Version data:
Indy 10
"libeay32.dll": 1.0.2.19 @ 31-May-19
"ssleay32.dll": 1.0.2.19 @ 31-May-19
When trying to download some pages using SSL (eg " https://davisashura.com/ "), in the IdSSLOpenSSLHeaders unit, which is Rev. 1.8, the following procedure raises the indicated error:
class procedure EIdOpenSSLAPISSLError.RaiseExceptionCode(const AErrCode, ARetCode: TIdC_INT; const AMsg: String);
Initialization code:
HTTP := TIdHTTP.Create;
with HTTP do begin
Request.UserAgent := 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
HandleRedirects := True;
RedirectMaximum := 5;
ReadTimeout := 20400;
//Request.AcceptEncoding := 'text/html, deflate, gzip'; // some websites don't download with this set
Compressor := TIdCompressorZLib.Create;
IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
HTTPOptions := HTTPOptions + [hoForceEncodeParams, hoInProcessAuth];
end;
Does anyone know how to resolve this?
1 answers
solution1
3 ACCPTED 2019-08-26 17:38:26
The EOF error simply means the server is closing its end of the socket connection during the TLS handshake, without sending back a TLS alert first. Which means the server doesn't like something in the handshake and is bailing out. The most likely culprit is the TLS version.
By default, TIdSSLIOHandlerSocketOpenSSL enables only TLS 1.0, but many sites nowadays require TLS 1.1 or 1.2 instead. You can use the TIdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions property to enable TLS 1.1 and 1.2.
HTTP := TIdHTTP.Create;
HTTP.Request.UserAgent := 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
HTTP.HandleRedirects := True;
HTTP.RedirectMaximum := 5;
HTTP.ReadTimeout := 20400;
//HTTP.Request.AcceptEncoding := 'text/html, deflate, gzip'; // some websites don't download with this set
HTTP.Compressor := TIdCompressorZLib.Create(HTTP);
HTTP.HTTPOptions := HTTP.HTTPOptions + [hoForceEncodeParams, hoInProcessAuth];
SSL := TIdSSLIOHandlerSocketOpenSSL.Create(HTTP);
SSL SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; // <-- ADD THIS!
HTTP.IOHandler := SSL;
There is a TODO item in Indy's issue tracker about this issue:
#181: Update TIdSSLIOHandlerSocketOpenSSL to enable TLS 1.1 and 1.2 by default
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.