
I am using TIdTCPClient with SSL. After a while of being connected, I get these exceptions in the debugger, and the client is disconnected:

Project project1.exe raised exception class EIdOSSLUnderlyingCryptoError with message 'error:14086081:SSL routines:SSL3_ENC:block cipher pad is wrong'.

Project project1.exe raised exception class EIdOSSLUnderlyingCryptoError with message 'error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac'.

And also, it raises "wrong ssl version" with those exceptions above.

I am using sslvSSLv3 on the client and server:

idSslHandler.SSLOptions.Method := sslvSSLv3;
idSslHandler.SSLOptions.Mode := sslmUnassigned;

What could be the problem?

  • Why are you using SSL 3.0 and not TLS 1.x? – Remy Lebeau Jun 23 '17 at 21:03
  • I thought it is better to use SSL 3. Should I try 1.x? – madam mar Jun 23 '17 at 21:58
  • SSL 2 is insecure, and SSL 3 is on its way out as well. There is no good reason to ever use either of them in modern systems, unless you have to for legacy support. Always use TLS 1.x instead. TLS is the successor to SSL (TLS 1.0 is basically SSL 3.1). – Remy Lebeau Jun 23 '17 at 22:00
  • I got the same error even after using TLS: Project project1.exe raised exception class EIdOSSLUnderlyingCryptoError with message 'error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'. – madam mar Jun 23 '17 at 22:30
  • "wrong version number" is pretty self-explanatory. The client is not using an SSL/TLS version that the server is expecting. For example, using SSL 3 on a TLS 1.x server. Or using TLS 1.0 on a TLS 1.1+ server. – Remy Lebeau Jun 23 '17 at 22:36
  • They both used the same TLS version and the same DLL, and the server side is Ubuntu and the client side is Windows. Not only that, I get the second exception in the question as well: exception class EIdOSSLUnderlyingCryptoError with message 'error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac'. – madam mar Jun 23 '17 at 22:48
  • This is happening while receiving commands. If the server had a different version of TLS from the client, I wouldn't be able to connect at all. – madam mar Jun 23 '17 at 22:52
  • I suggest you ask in the OpenSSL community for help. This is not an Indy issue. – Remy Lebeau Jun 24 '17 at 00:52
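
An added example, not part of the original thread: a small triage script that parses the three OpenSSL error strings quoted above and unpacks each hex code into its library, function and reason fields, using the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason). The names `decode`, `summarize` and `SAMPLE_LOG` are hypothetical; the sample log is constructed from the messages in the question and comments.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: the exception messages quoted in the thread.
SAMPLE_LOG = """\
raised exception class EIdOSSLUnderlyingCryptoError with message 'error:14086081:SSL routines:SSL3_ENC:block cipher pad is wrong'.
raised exception class EIdOSSLUnderlyingCryptoError with message 'error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac'.
raised exception class EIdOSSLUnderlyingCryptoError with message 'error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'.
"""

# Pre-3.0 OpenSSL text form: error:<hex code>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^'\n]*)")


class OpenSSLError(NamedTuple):
    code: int
    lib: int          # top 8 bits of the packed code
    func: int         # middle 12 bits
    reason: int       # low 12 bits
    lib_name: str
    func_name: str
    reason_text: str


def decode(line):
    """Return an OpenSSLError for the first error string in line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    return OpenSSLError(code, code >> 24, (code >> 12) & 0xFFF, code & 0xFFF,
                        m.group(2), m.group(3), m.group(4).strip())


def summarize(log):
    """Decode every error line and count failures per OpenSSL function."""
    errors = [e for e in map(decode, log.splitlines()) if e is not None]
    return errors, Counter(e.func_name for e in errors)


if __name__ == "__main__":
    errors, by_func = summarize(SAMPLE_LOG)
    for e in errors:
        print(f"{e.code:08X} lib={e.lib} func={e.func} reason={e.reason} "
              f"{e.func_name}: {e.reason_text}")
    print(dict(by_func))
```

All three codes carry library number 20 (0x14, the SSL library), and the function fields match the names already present in the messages, so grouping by function shows at a glance which OpenSSL routine is rejecting the data.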
