delphi - EIdOSSLUnderlyingCryptoError Exception -


i using indy (idhttp, openssl). use simple code download page

var   idhttp: tidhttp; begin   idhttp:=tidhttp.create;   try     idhttp.get('https://ezfile.ch/?m=help&a=tos');       idhttp.free;   end; end;

it returns:

eidosslunderlyingcryptoerror exception "error connecting ssl.     error:14094438:ssl routines:ssl3_read_bytes:tlsv1 alert internal error"

the site uses tls 1.1, aes_128_cbc_sha1, ecdhe-ecdsa. should reproducible.

tried various delphi versions, indy 10.6.2, various openssl version. changing sslversion option did not help.

what problem?

what problem?

the site appears operational me. connect tls 1.2.

i failed when trying connect sslv3, however. that's thing.

its may bug in library. is, trying connect sslv3, or doing else wrong, omitting server name sni. or, loading wrong version of openssl @ runtime. is, compiled against openssl 1.0.2, loading system down level version, 0.9.8, @ run time.

you can clear verify error:num=20 below fetching ca , passing s_client via -cafile.

$ echo -e "get /?m=help&a=tos http/1.1\r\nhost: ezfile.ch\r\n\r\n" | \     openssl s_client -connect ezfile.ch:443 -tls1_1 -servername ezfile.ch -ign_eof connected(00000003) depth=2 c = gb, st = greater manchester, l = salford, o = comodo ca limited, cn = comodo ecc certification authority verify error:num=20:unable local issuer certificate --- certificate chain  0 s:/ou=domain control validated/ou=positivessl multi-domain/cn=sni42046.cloudflaressl.com    i:/c=gb/st=greater manchester/l=salford/o=comodo ca limited/cn=comodo ecc domain validation secure server ca 2  1 s:/c=gb/st=greater manchester/l=salford/o=comodo ca limited/cn=comodo ecc domain validation secure server ca 2    i:/c=gb/st=greater manchester/l=salford/o=comodo ca limited/cn=comodo ecc certification authority  2 s:/c=gb/st=greater manchester/l=salford/o=comodo ca limited/cn=comodo ecc certification authority    i:/c=se/o=addtrust ab/ou=addtrust external ttp network/cn=addtrust external ca root --- server certificate -----begin certificate----- miigtjccblugawibagirappze3lxw3syzgksuumsjqewcgyikozizj0eawiwgzix czajbgnvbaytakdcmrswgqydvqqiexjhcmvhdgvyie1hbmnozxn0zxixedaobgnv bactb1nhbgzvcmqxgjaybgnvbaoteunptu9etybdqsbmaw1pdgvkmtgwngydvqqd ey9dt01pre8grundiervbwfpbibwywxpzgf0aw9uifnly3vyzsbtzxj2zxigq0eg mjaefw0xntazmjuwmdawmdbafw0xnta5mzaymzu5ntlamgsxitafbgnvbastgerv bwfpbibdb250cm9sifzhbglkyxrlzdehmb8ga1uecxmyug9zaxrpdmvtu0wgtxvs dgktrg9tywlumsmwiqydvqqdexpzbmk0mja0ni5jbg91zgzsyxjlc3nslmnvbtbz mbmgbyqgsm49agegccqgsm49aweha0iabgtnnutz7vtnt80pyh8fgguph78fqb1d fsr0tbke+ygnlgysmctkhekqeupbymfsfhdjuy51iabkf1a2m75iqm6jggs2miie sjafbgnvhsmegdawgbracwfn8lydcu/eeggsb9tuk3y9ljadbgnvhq4efgquo9+d xfonvv7lgctpoyo+2vbluvswdgydvr0paqh/baqdageamawga1udeweb/wqcmaaw hqydvr0lbbywfayikwybbquhawegccsgaqufbwmcme8ga1udiarimeywogylkwyb bagymqecagcwkzapbggrbgefbqccarydahr0chm6ly9zzwn1cmuuy29tb2rvlmnv bs9dufmwcaygz4emaqibmfyga1udhwrpme0ws6bjoeegrwh0dha6ly9jcmwuy29t b2rvy2e0lmnvbs9dt01pre9fq0neb21haw5wywxpzgf0aw9uu2vjdxjlu2vydmvy q0eylmnybdcbiayikwybbquhaqeefdb6mfegccsgaqufbzachkvodhrwoi8vy3j0 lmnvbw9kb2nhnc5jb20vq09nt0rprundrg9tywluvmfsawrhdglvblnly3vyzvnl cnzlcknbmi5jcnqwjqyikwybbquhmagggwh0dha6ly9vy3nwlmnvbw9kb2nhnc5j b20wggl9bgnvhreeggl0miic8iiac25pndiwndyuy2xvdwrmbgfyzxnzbc5jb22c ecouym90axnrywnhzmuucnocfcouzgvlzm9yzgvzawdulmnvlnvrgg0qlmrvcmvn yw1hlnr2gg8qlmr1dgnocg9ybi5vcmeccyouzxpmawxllmnoggwqlmzhagftds5u zxscdcouzmfoyw11lm9yz4ipki5ncmvlbmhhyml0lnvzgg8qlmp1zglryxj0ds5j b22cfcouanvtcgzyb21yb29mlnrvzgf5ggwqlm1vyml1cy54exqcdioubxv0ahjv bmuubmv0gheqlm15ywxwagfob3n0lmnvbyioki5uzxdzymvkcy5jb22cdyoucgf1 bgrpyxouyxnpyyinki5wyxvszglhei5tzyivki5wb2thenkty2hlbwljem5llnbs ghmqlnnpehr5c2l4c291bmquy29tggsqlnnvyxdylm9yz4iski5zdgv2awvjcmlw chmuy29tghoqlnn3aw5nc2v0chjpy2vjb21wyxjllmnvbyilki50dwj5bg8ucgyc dmjvdglza2fjywzllnjzghjkzwvmb3jkzxnpz24uy28udwucc2rvcmvnyw1hlnr2 gg1kdxrjahbvcm4ub3jnggllemzpbguuy2iccmzhagftds5uzxsccmzhagftds5v cmecdwdyzwvuagfiaxqudxocdwp1zglryxj0ds5jb22cemp1bxbmcm9tcm9vzi50 b2rheyikbw9iaxvzlnh5eoimbxv0ahjvbmuubmv0gg9tewfscghhag9zdc5jb22c dg5ld3nizwrzlmnvbyincgf1bgrpyxouyxnpyyilcgf1bgrpyxoubwwce3bva2f6 es1jagvtawn6bmuucgycexnpehr5c2l4c291bmquy29tgglzb2f3ci5vcmecehn0 zxzpzwnyaxbwcy5jb22cghn3aw5nc2v0chjpy2vjb21wyxjllmnvbyijdhviewxv lnbsmaogccqgsm49bamca0kameyciqcddfgzutujwsun3ytumoycbperjkuhn5zn 7l0aganzgqihanpkjy+pnltwcozgccva3febclzpcmu2puate9xbl+ck -----end certificate----- subject=/ou=domain control validated/ou=positivessl multi-domain/cn=sni42046.cloudflaressl.com issuer=/c=gb/st=greater manchester/l=salford/o=comodo ca limited/cn=comodo ecc domain validation secure server ca 2 --- no client certificate ca names sent server temp key: ecdh, p-256, 256 bits --- ssl handshake has read 4166 bytes , written 408 bytes --- new, tlsv1/sslv3, cipher ecdhe-ecdsa-aes128-sha server public key 256 bit secure renegotiation supported compression: none expansion: none no alpn negotiated ssl-session:     protocol  : tlsv1.1     cipher    : ecdhe-ecdsa-aes128-sha     session-id: acb2c0516c9f57ee6aa973463849a53b07caf99a6a78ee6c12ac0cdf99cc9c50     session-id-ctx:      master-key: 0dcce2b3e57e034b271296c716cfbdc4039ae4e6697a8ef560fd7423a9090acec3f924d331c2b8fd0fae5631c9d8219a     key-arg   : none     psk identity: none     psk identity hint: none     srp username: none     tls session ticket lifetime hint: 64800 (seconds)     tls session ticket:     0000 - 03 30 b1 f4 75 9a 14 f7-d5 97 03 b3 4e 4d 5e ab   .0..u.......nm^.     0010 - d1 15 d5 09 4a 7e 88 8b-d1 ba ed 9d 20 b5 bb f4   ....j~...... ...     0020 - 33 c0 14 44 b3 d7 1d 78-f5 f0 f5 06 dd 57 cb 58   3..d...x.....w.x     0030 - 51 6d 0a 18 a7 97 1b d6-36 ea bd ab a3 5a bc 1e   qm......6....z..     0040 - 35 47 31 4b 19 cb c5 94-ac c5 41 f1 65 6a 76 d3   5g1k......a.ejv.     0050 - 9e b2 45 e1 3c 5d dd 4d-49 6f 2f f2 18 1b 88 45   ..e.<].mio/....e     0060 - 9b 9d 50 1e 66 e2 ec c9-e5 87 a1 5a b7 80 d3 60   ..p.f......z...`     0070 - 6d fe 3e b6 77 0b c2 ba-f9 f9 12 49 f3 55 72 02   m.>.w......i.ur.     0080 - b1 da 2b 4c a6 74 50 df-11 12 c9 6b 1d 2f da a8   ..+l.tp....k./..     0090 - 4f bc c5 9e ff f1 ff 5d-9a 28 ad e9 4d 43 09 ed   o......].(..mc..     00a0 - bb 7d d6 1d fc 39 75 1e-e2 6e 2f f4 a6 69 7e 6c   .}...9u..n/..i~l     00b0 - 97 cd 9c 1a 77 0d 14 c7-61 f8 87 cf 24 52 60 3e   ....w...a...$r`>      start time: 1430097932     timeout   : 7200 (sec)     verify return code: 20 (unable local issuer certificate) --- http/1.1 200 ok server: cloudflare-nginx date: mon, 27 apr 2015 01:18:45 gmt content-type: text/html; charset=utf-8 transfer-encoding: chunked connection: keep-alive set-cookie: __cfduid=dc202f5845fd4246ec401ee26196a7e831430097524; expires=tue, 26-apr-16 01:18:44 gmt; path=/; domain=.ezfile.ch; httponly expires: mon, 26 jul 1997 05:00:00 gmt last-modified: mon, 27 apr 2015 01:18:45 gmt cache-control: no-store, no-cache, must-revalidate cache-control: post-check=0, pre-check=0 pragma: no-cache x-frame-options: sameorigin access-control-allow-origin: * cf-ray: 1dd6b1fac4350874-iad ...

Comments

Post a Comment

Popular posts from this blog

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a
Read more

Python Tkinter keyboard using bind -

i have problem using bind option can click button in keyboard, , call function once key pressed. tried taking other codes have similar purpose , saw i'm doing pretty same, though still have problem must've missed. thankful if me this. here's code: # -*- coding: utf-8 -*- #imports tkinter import * pil import imagetk, image import time import tkmessagebox #===========================================================================================================================================# #tkinter class class app(frame): def __init__(self, master=none): frame.__init__(self, master) self.pack() #===========================================================================================================================================# #game pieces classes class board: def __init__(self, rows = 7, columns = 6, picture_height = none, picture_width = none): self.rows = rows self.columns = columns self.picture
Read more

ubuntu - Selenium Node Not Connecting to Hub, Not Opening Port -

i'm trying set demo selenium grid. have digital ocean ubuntu 14.02 droplet. (i have 2 , tried set using 2 different machines got nowhere.) i'm trying run hub , node both locally. here input both hub, node, , nmap results. https://gist.github.com/mekhami/d5bbecca5ff0de9d2dc9 so, node starting tcp connection reset , port it's supposed operate on closed. i have had no luck in number of different options , configurations work. but... of course, worked randomly once. don't know why, don't know did, know 1 brief moment, node connected , saw on grid console. tried run test , went down again , i've never seen come up. please let me know more information can provide. update: randomly came online again. don't know happened, might related timeout or time_wait or going on. this because vm/server not have enough entropy available. to resolve problem, install haveged (or other similar things). the instructions of how install haveged on ubu
Read more