delphi - EIdOSSLUnderlyingCryptoError Exception -


I am using Indy (IdHTTP, OpenSSL). I use simple code to download a page:

    var
      IdHTTP: TIdHTTP;
    begin
      IdHTTP := TIdHTTP.Create;
      try
        // The HTTPS request that raises the exception shown below
        IdHTTP.Get('https://ezfile.ch/?m=help&a=tos');
      finally
        IdHTTP.Free;
      end;
    end;

It returns:

    EIdOSSLUnderlyingCryptoError exception "Error connecting with SSL.
    error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error"

The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA. It should be reproducible.

I tried various Delphi versions, Indy 10.6.2, and various OpenSSL versions. Changing the SSLVersion option did not help.

What is the problem?

The site appears operational to me. I can connect with TLS 1.2.

I failed when trying to connect with SSLv3, however. That's thing.

It may be a bug in the library. That is, it is trying to connect with SSLv3, or doing something else wrong, like omitting the server name for SNI. Or, it is loading the wrong version of OpenSSL at runtime. That is, it was compiled against OpenSSL 1.0.2, but is loading the system's down-level version, like 0.9.8, at run time.

You can clear the verify error:num=20 below by fetching the CA and passing it to s_client via -CAfile.

    $ echo -e "GET /?m=help&a=tos HTTP/1.1\r\nHost: ezfile.ch\r\n\r\n" | \
        openssl s_client -connect ezfile.ch:443 -tls1_1 -servername ezfile.ch -ign_eof
    CONNECTED(00000003)
    depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
    verify error:num=20:unable to get local issuer certificate
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni42046.cloudflaressl.com
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
     1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
       i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
     2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
       i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
    ---
    Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni42046.cloudflaressl.com
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
    ---
    No client certificate CA names sent
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4166 bytes and written 408 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-SHA
    Server public key is 256 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.1
        Cipher    : ECDHE-ECDSA-AES128-SHA
        Session-ID-ctx:
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 64800 (seconds)
        Start Time: 1430097932
        Timeout   : 7200 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---
    HTTP/1.1 200 OK
    Server: cloudflare-nginx
    Date: Mon, 27 Apr 2015 01:18:45 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: __cfduid=dc202f5845fd4246ec401ee26196a7e831430097524; expires=Tue, 26-Apr-16 01:18:44 GMT; path=/; domain=.ezfile.ch; HttpOnly
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Mon, 27 Apr 2015 01:18:45 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Cache-Control: post-check=0, pre-check=0
    Pragma: no-cache
    X-Frame-Options: sameorigin
    Access-Control-Allow-Origin: *
    CF-RAY: 1dd6b1fac4350874-IAD
    ...
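
The possibilities raised in the answer (protocol version, a missing SNI server name, which OpenSSL build is in use) can be compared side by side with s_client. The script below is an added example, not part of the original post; the function names summarize_handshake and probe_matrix and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: one summary line per s_client attempt, so protocol and SNI
# combinations can be compared at a glance.

# Read `openssl s_client` output on stdin and print a one-line summary.
summarize_handshake() {
  awk -F: '
    $2 == "error" && !seen { seen = 1; code = $3; reason = $6 }  # error queue line
    /^ *Protocol *:/       { p = $2; gsub(/ /, "", p); proto = p }
    /^ *Cipher *:/         { c = $2; gsub(/ /, "", c); cipher = c }
    /Verify return code:/  { split($2, v, " "); verify = v[1] }
    END {
      if (seen)       printf "fail code=%s reason=\"%s\"\n", code, reason
      else if (proto) printf "ok proto=%s cipher=%s verify=%s\n", proto, cipher, verify
      else            print  "fail no handshake data"
    }'
}

# Try each TLS version with and without SNI against host $1 (port $2, default 443).
probe_matrix() {
  host=$1 port=${2:-443} nosni=""
  # OpenSSL 1.1.1+ sends SNI by default; older builds omit it unless asked.
  openssl s_client -help 2>&1 | grep -q -- -noservername && nosni=-noservername
  openssl version   # the OpenSSL build doing the probing
  for proto in -tls1 -tls1_1 -tls1_2; do
    for sni in yes no; do
      if [ "$sni" = yes ]; then set -- -servername "$host"; else set -- $nosni; fi
      printf '%-8s sni=%-3s ' "$proto" "$sni"
      openssl s_client -connect "$host:$port" "$proto" "$@" </dev/null 2>&1 |
        summarize_handshake
    done
  done
}

# Constructed, abridged sample outputs; the error code is the one quoted in
# the question, the process id and source location are made up.
SAMPLE_FAIL='CONNECTED(00000003)
12345:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1275:SSL alert number 80'
SAMPLE_OK='CONNECTED(00000003)
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-ECDSA-AES128-SHA
    Verify return code: 20 (unable to get local issuer certificate)'

printf '%s\n' "$SAMPLE_FAIL" | summarize_handshake
printf '%s\n' "$SAMPLE_OK"   | summarize_handshake
```

Running probe_matrix ezfile.ch from the affected machine shows which combinations complete and which end in an alert; the Delphi application may load a different OpenSSL library than the command-line tool, so compare the version line with the DLLs shipped beside the executable.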
