I am unable to consume a third party API that is hosted on Amazon. I tried several OpenSSL DLLs but without success. I am attaching a small test project with the error example. I am very grateful if anyone can help me. I am using Delphi XE8.
(09-16-2020, 04:11 PM) ronaldobim Wrote: I am unable to consume a third party API that is hosted on Amazon. I tried several OpenSSL DLLs but without success.
Which DLLs exactly did you try? What does Indy's IdSSLOpenSSL.OpenSSLVersion() function report when the error occurs?
(09-16-2020, 04:11 PM) ronaldobim Wrote: I am attaching a small test project with the error example.
You are not configuring the TIdSSLIOHandlerSocketOpenSSL at all. In particular, it defaults to TLS 1.0 only, but most servers nowadays require TLS 1.1+, so try setting its SSLOptions.SSLVersions property accordingly, e.g.:
Code:
FHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
FHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; // <-- ADD THIS!
...
Also, you are leaking the TIdSSLIOHandlerSocketOpenSSL object, as you are not Free()'ing it, or assigning an Owner to it. Assigning the TIdHTTP.IOHandler property will not take ownership for you. I suggest assigning the TIdHTTP object as the Owner, e.g.:
Code:
FIdHTTP := TIdHTTP.Create(nil); // <-- DO THIS FIRST!
FHandler := TIdSSLIOHandlerSocketOpenSSL.Create(FIdHTTP);
Also, on a side note, you don't need the TStringStream at all, as TIdHTTP.Get() has an overload that returns a String, e.g.:
Code:
Memo1.Text := FIdHTTP.Get('https://james-assortment-orders-stg.james.delivery/orders/consume-pre-orders/0583266930008a57838f5141aae0ea5138ec43aebd5465465');
Hello, I'm using the following DLLs:
1.0.2.21
libeay32.dll
ssleay32.dll
1.1.1.7
libcrypto-1_1.dll
libssl-1_1.dll
After changing this code below the error changed to:
Error connecting with SSL.
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I made several attempts with the FHandler.SSLOptions.SSLVersions property and all failed.
Code:
FHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
FHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; // <-- ADD THIS!
...
(09-17-2020, 12:16 PM) ronaldobim Wrote: 1.0.2.21
libeay32.dll
ssleay32.dll
That version of the DLLs should work fine. If you are still getting errors with that version after setting the SSLIOHandler's SSLVersions property, then there is something else going on. You are going to have to dig deeper into the details of the TLS handshake to figure out what is actually failing.
(09-17-2020, 12:16 PM) ronaldobim Wrote: 1.1.1.7
libcrypto-1_1.dll
libssl-1_1.dll
TIdSSLIOHandlerSocketOpenSSL does not support OpenSSL 1.1.x. However, there is currently a pull request in Indy's GitHub repo for a new SSLIOHandler that does. You can download that source code and try it, if you want.
(09-17-2020, 12:16 PM) ronaldobim Wrote: After changing this code below the error changed to:
Error connecting with SSL.
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
That is basically the same error you showed earlier, just being raised from a different area of OpenSSL's code. But without DETAILS, there is really no way to diagnose it for you. "sslv3 alert handshake failure" is a very generic error message; all it means is that the peer sent an alert packet to you, indicating the handshake failed on the peer's end and the peer is going to be closing the connection after the alert. There are MANY things which can cause that to happen.
(09-17-2020, 12:16 PM) ronaldobim Wrote: I made several attempts with the FHandler.SSLOptions.SSLVersions property and all failed.
Then the problem is not related just to the SSLVersions alone. Something else must be going on.
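As a first step in digging into the handshake, the packed code in the error line quoted in this thread can be unpacked to confirm that the failure is a TLS alert sent by the peer and to read the alert number. This is an added example, not code from any post in the thread or from Indy; it assumes the OpenSSL 1.0.x/1.1.x error layout (the thread uses 1.0.2 DLLs), and the function name and the third sample line are constructed for illustration.

```python
import re

# OpenSSL 1.0.x/1.1.x pack an error as lib<<24 | func<<12 | reason (ERR_PACK).
ERR_LIB_SSL = 20
# In the SSL library, reason = 1000 + N means the peer sent TLS alert N.
SSL_AD_REASON_OFFSET = 1000

# Alert descriptions from RFC 5246 (plus unrecognized_name from RFC 6066).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
    100: "no_renegotiation", 110: "unsupported_extension", 112: "unrecognized_name",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(line):
    """Unpack an 'error:XXXXXXXX:...' line; return None if no code is present."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    info = {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF, "peer_alert": None}
    if info["lib"] == ERR_LIB_SSL and info["reason"] >= SSL_AD_REASON_OFFSET:
        number = info["reason"] - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (number, TLS_ALERTS.get(number, "unknown"))
    return info

SAMPLES = [
    # Lines from the thread: the first carries no packed code.
    "Error connecting with SSL.",
    "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure",
    # Constructed for comparison: same function, alert 70 instead of 40.
    "error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", decode_openssl_error(line))
```

A non-None `peer_alert` confirms the failure was signalled by the server rather than raised locally, and the alert number tells you which server-side condition to look into next.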