3

I am using TIdHTTP to GET from an https URL. My code works fine as long as http is used, but on https I get:

Socket Error # 10054 Connection reset by peer.

In many SO answers I read about TLS 1.0 being the default, so I tried to set it to TLS 1.2.

I experimented by changing many properties in TIdHTTP and TIdSSLIOHandlerSocketOpenSSL but with no success.

The URL against which this fails is https://nesufficio.my.qualibus.it/FeriePermessiDemo/DOQualibus/QappCommandHandler.

There is a handshake issue I am not able to overcome. If I disable the firewall and proxy and connect to the http URL directly, it works (even if in that case I must use the full URL to have a meaningful behavior). So my problem is purely in Indy: how to connect to that URL successfully?

This is the code I use:

```delphi
// Needs IdHTTP and IdSSLOpenSSL in the unit's uses clause.
procedure TForm1.btnGetFromMyWebserver(Sender: TObject);
var
  IdHTTP: TIdHTTP;
  IdSSLIOHandlerSocketOpenSSL: TIdSSLIOHandlerSocketOpenSSL;
  response, url: string;
begin
  IdHTTP := TIdHTTP.Create;
  // here I set the custom headers that are not relevant
  // to study the connection closed by peer problem
  try
    try
      // Owned by IdHTTP, so it is freed together with it
      IdSSLIOHandlerSocketOpenSSL := TIdSSLIOHandlerSocketOpenSSL.Create(IdHTTP);
      IdSSLIOHandlerSocketOpenSSL.Port := 443; // I tried to force the port to 443
      IdSSLIOHandlerSocketOpenSSL.SSLOptions.Mode := sslmClient;
      IdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
      IdHTTP.IOHandler := IdSSLIOHandlerSocketOpenSSL;
      IdHTTP.HandleRedirects := True;
      url := 'https://nesufficio.my.qualibus.it/FeriePermessiDemo/DOQualibus/QappCommandHandler'; // this is not the actual endpoint but it is enough to reproduce the handshaking error
      response := IdHTTP.Get(url);
    except
      on e: Exception do
        response := e.Message;
    end;
  finally
    IdHTTP.Free;
  end;
  ShowMessage('Response was:' + response);
end;
```

Could you please give me a hand and help me pinpoint where the problem is?

My Indy version is 10.6.2.5298 and I use Delphi 10 Seattle.

Thanks in advance.

UnDiUdin
  • Debug both ends - if the server and/or proxy side gets confused/crashes/etc it will kill the connection. – Brian Apr 06 '21 at 12:23
  • Thanks. The message never reaches the server. If I simply paste the URL in the browser I see the reply "Missing primary key" in the browser, but with Indy I am not able to achieve the result, so the problem is at the Delphi end, not at the server end. I am not able to tell Indy how to perform the call with https correctly. – UnDiUdin Apr 06 '21 at 15:21
  • 1
    @LaBracca what you have shown is perfectly fine (though you can remove the `Port` assignment as `Get()` will overwrite it, and `SSLVersions` should be `[sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]` unless you know for a fact that the server *only* supports TLS 1.2). So the problem has to be something else. For instance, which version of the OpenSSL DLLs are you using? Have you tried upgrading to the latest [Indy from GitHub](https://github.com/IndySockets/Indy/)? Have you tried sniffing network traffic to compare Indy's TLS handshake to a web browser's TLS handshake? – Remy Lebeau Apr 06 '21 at 16:13
  • @RemyLebeau thanks a lot! I downloaded the DLLs from `https://indy.fulgan.com/SSL/` and with those DLLs (those are dated 2019, mine were 2017) it works fine. About the TLS version, my server supports 1.2 only. – UnDiUdin Apr 06 '21 at 16:31
  • 2
    @LaBracca FYI, see [OpenSSL binaries moved to GitHub](https://www.indyproject.org/2020/06/16/openssl-binaries-moved-to-github/) on Indy's blog – Remy Lebeau Apr 06 '21 at 16:56
  • @RemyLebeau thanks, those are newer in fact. If you post an answer I will accept it. As a "side question", where is it possible to read the Indy docs? Thanks! – UnDiUdin Apr 07 '21 at 07:15

1 Answer

1

I realized I was using very old OpenSSL DLLs. By getting the latest from GitHub, as advised by Remy Lebeau, I managed to make the gethttp call work properly even with an https endpoint.

So the solution is just to use a recent version of the OpenSSL DLLs.

UnDiUdin
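A quick way to answer the "which version of the OpenSSL DLLs are you using?" question from the comments is to ask Indy which library it actually loaded, rather than relying on file dates. The console program below is an added example, not code from the original post or from the Indy project; the program name and the helpers `LeadingInt` and `BannerSupportsTLS12` are hypothetical, and it assumes Indy 10.6.2 with `ssleay32.dll` and `libeay32.dll` placed next to the executable.

```delphi
program CheckIndyOpenSSL;
{$APPTYPE CONSOLE}

uses
  System.SysUtils,
  IdSSLOpenSSL,         // LoadOpenSSLLibrary, OpenSSLVersion
  IdSSLOpenSSLHeaders;  // IdOpenSSLSetLibPath, WhichFailedToLoad

// Leading decimal digits of S as an integer ('2u' -> 2), or -1 if none.
function LeadingInt(const S: string): Integer;
var
  I: Integer;
begin
  I := 1;
  while (I <= Length(S)) and CharInSet(S[I], ['0'..'9']) do
    Inc(I);
  Result := StrToIntDef(Copy(S, 1, I - 1), -1);
end;

// True when the banner names OpenSSL 1.0.1 or later, the first release
// series that implements TLS 1.2.
function BannerSupportsTLS12(const ABanner: string): Boolean;
var
  Parts, Nums: TArray<string>;
begin
  Parts := ABanner.Split([' '], TStringSplitOptions.ExcludeEmpty);
  if (Length(Parts) < 2) or (Parts[0] <> 'OpenSSL') then
    Exit(False);
  Nums := Parts[1].Split(['.']);
  if Length(Nums) < 3 then
    Exit(False);
  Result := (LeadingInt(Nums[0]) > 1) or
    ((LeadingInt(Nums[0]) = 1) and
     ((LeadingInt(Nums[1]) > 0) or (LeadingInt(Nums[2]) >= 1)));
end;

var
  Banner: string;
begin
  // Assumption: the OpenSSL DLLs sit next to the executable. Point Indy at
  // that folder instead of relying on the Windows DLL search order.
  IdOpenSSLSetLibPath(ExtractFilePath(ParamStr(0)));
  if not LoadOpenSSLLibrary then
    Writeln('OpenSSL not fully loaded; missing: ', WhichFailedToLoad);
  Banner := OpenSSLVersion; // library's own banner, format "OpenSSL 1.0.2u  20 Dec 2019"
  Writeln('Loaded: ', Banner);
  Writeln('TLS 1.2 capable: ', BannerSupportsTLS12(Banner));
end.
```

A banner that reports TLS 1.2 capability only rules out the oldest libraries; it does not guarantee that the cipher suites the server requires are available, so a failing handshake with a capable version still calls for the traffic comparison suggested in the comments.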