Solved

SSL/TLS INDY on Delphi Seattle - SSL load problem

Posted on 2016-10-20
Last Modified: 2016-11-01
Dear All

I hope someone can help as I can't fathom this one.

I believe, although have yet to admit it that our Web Store provider has changed something on the access to their API, I suspect they have done what a few people seem to be doing now and that is having a minimum access of TLS1.0 when connecting using HTTPS.

The background behind my reasoning is that about a week ago or so our software which accesses their API suddenly stopped working. I have been away and only noticed this yesterday. Nothing has changed here, I am the developer and no-one else would/could change it. So the only assumption therefore is that they have changed something their end. I am waiting to hear an explanation from them, but nothing forthcoming.

The software is developed in Delphi 2007 and Indy 9 (don't ask - legacy component reasons). I thought that Indy 9 supported TLS1.0. But I get a 'SSL connection' error when I now try to use any part of the API access code. So I suspect they may even be forcing higher 1.1/1.2.

I kind of proved this at home where I have Delphi Berlin/Indy 10 installed - I did manage to do a connect, turning off all SSL versions in the TIdSSLIOHandlerSocketOpenSSL. So my thought was I would just create a little 'request processor' using Delphi Berlin (at home) or Delphi Seattle (at work, which I have in addition to 2007) which I could just call from the main software instead of using the Indy 9 calls.

But I seem to have stumbled across an issue along the line somewhere. It is easier for me to do this at work, so thought I would use Seattle and Indy 10. I created a really basic program, linked the TIdSSLIOHandlerSocketOpenSSL to the HTTP component. And tried a simple 'Get' to the API. But it came back with an error saying it couldn't load the SSL. I then realised I probably needed the 2 OpenSSL DLLs in the program directory. I decided to download the latest versions (1.0.2 of OpenSSL). I wasn't sure if I needed the 32bit libraries as it is a 32 bit programme or the 64bit libraries as it is a 64bit PC. I tried the 32 bit libraries first. No joy, same error. Then the 64 bit libraries - same. So now I am stumped. Other than coding this 'processor' at home which is not really convenient.

So any one have any thoughts on this error I am getting when I try a call?

SSL error message
Hope someone can throw some light on this.

Many thanks,

Trevor
Question by:trevorb
14 Comments
 
LVL 36

Assisted Solution

by:Geert Gruwez
Geert Gruwez earned 167 total points
if you compile 32bit, which you normally do, then you need the 32bit dll's
this is regardless of the machine being 64bit or not

that 4430 looks like a locale it can't find
 

Author Comment

by:trevorb
Hi Geert

Thanks for the reply and explanation. I suspected I needed the 32bit which is what I tend to use. But you know how you begin to doubt yourself when these things happen. You get bogged down in the problem and then start to doubt if it is something else. So thought I would check.

This problem is so infuriating. The original problem with the SSL connection in INDY 9 to the API is definitely an issue caused by our shop platform supplier. We proved it last night. I kept asking and asking what had changed that day when the software stopped. Eventually they conceded they had made a change:

"found out that there was a change on our side on October 11th regarding DES cipher algorithms according to a report we got from our customer"

They reenabled the "unsafe cipher" method and I tried and it worked. But they said they could not leave it enabled, turned it off and it failed again. So them turning off that cipher has broken the SSL link from Indy.

I thought I might try a later OpenSSL library in case that would fix it but they either won't load or they load but exhibit the same problem.

It would be better if I could fix this somehow. If not, then I will have to try to go down the route I mentioned, creating a 'processor' program in Seattle/Berlin and Indy 10, if I can get that to load which is proving tricky!
 
LVL 36

Assisted Solution

by:Geert Gruwez
Geert Gruwez earned 167 total points
well this happens when you start doubting:
when they are out to get you, paranoia is just good thinking

i would post a question on the indy project forums
http://www.indyproject.org/Support.EN.aspx

there are experts there with way more knowledge about indy
 

Author Comment

by:trevorb
Thanks Geert. Seems a lot of the forums are closed. But one chat place seemed to have a little activity, so I posted there.
 
LVL 61

Assisted Solution

by:gheist
gheist earned 167 total points
SSLEAY32.DLL is a component of Windows OpenSSL
Probably file has version tag, and you can replace it in place with official later supported OpenSSL DLL (to support legacy crap^h^h^homponents)
 
LVL 25

Assisted Solution

by:Sinisa Vuk
Sinisa Vuk earned 166 total points
Your problem is incorrect version of ssl dlls...Take a newer from here... One should be good...
 

Author Comment

by:trevorb
Gheist/Sinisa, thanks for the suggestion. Yes, I am pretty sure it is an incorrect version of the SSL DLLs. Problem I have is that I have Indy 9 installed in D2007 which is where the web shop software resides. I have tried each version of the SSL libraries in turn and those that load with Indy 9 won't connect after they turned off this particular cipher. I can't use later SSLs as they won't load in Indy 9. I could use Indy 10, yes. But I get the error above anyway. Plus I don't want to have to go back and recode everything in Indy 10, the Indy components I use seemed to have changed. It looked like it was going to involve some recoding when I tried to install and use it before, hence I went back to stick with Indy 9. When I get time, I need to upgrade to Indy 10 and do the convert. But one of the things I need to sort first is why I get the ordinal error in Indy 10 (which I have installed in Seattle). I have some other suggestions people have made too which I might look at. For example, creating a library in Seattle/Indy 10 that I can use in D2007. For now, as there appears no easy solution, I think I will have to use the Synapse libraries to get this working - which don't seem to have any SSL problems.
 
LVL 25

Assisted Solution

by:Sinisa Vuk
Sinisa Vuk earned 166 total points
Try looking in the Archive folder (starting with indy_OpenSSL096m.zip). Put both files in .exe folder...
 

Author Comment

by:trevorb
Thanks Sinisa. Thanks for link. I have already tried the SSL libraries there. I went through each version as far as I could that would load in Indy 9 and the problem is that these will not connect after they removed the cipher. Then I reach versions that won't load in Indy 9. Having said that, I assumed they would load in Indy 10 but I get the ordinal error described above.
 
LVL 25

Assisted Solution

by:Sinisa Vuk
Sinisa Vuk earned 166 total points
I was fighting with this a long time ago (when our government introduced fiscal receipts...) with no luck (on a long distance). So, I use windows wininet api to accomplish this...(with a transparent use of tls/ssl in behind similar to that example). Note: XP doesn't support > tls 1.0.
 
LVL 61

Assisted Solution

by:gheist
gheist earned 167 total points
Note: XP supports TLS 1.0 only with 3DES that is not secure as of today....
 

Author Comment

by:trevorb
Thanks for the updates. That's fine as the majority of PCs here are Windows 7, the rest are Windows 10. Nothing less.
 

Accepted Solution

by:
trevorb earned 0 total points
Thanks everyone for your input on this. In the end, I wrote some libraries using Synapse to replace the Indy code. I couldn't get Indy 9 to connect and Indy 10 just throws the error above. I had to think quickly to restore functionality to our web shop software, so the answer was to sadly abandon Indy in this instance and use the Synapse HTTP functions which would connect without any issues.

So any ECWID (web platform) users out there who need some code to access the ECWID API, I'm happy to share what I have.
 

Author Closing Comment

by:trevorb
In the end everyone helped focus my mind, but came up with my own solution when no other solutions came up.
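
The failure described in this thread, where the provider switched off DES ciphers and the old client could no longer connect, comes down to the client's ClientHello offering nothing the server still accepts. The following is an added example, not code from the thread, Indy or OpenSSL: it parses a ClientHello record (as taken from a packet capture) and lists which offered cipher suites remain once DES-family suites are dropped. The two sample hellos and their cipher lists are constructed for illustration; the thread does not say which suites the Indy 9 client actually offered.

```python
import struct

# IANA cipher-suite ids for a few suites that older OpenSSL clients commonly offer.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA", 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0015: "TLS_DHE_RSA_WITH_DES_CBC_SHA", 0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes):
    """Return (client_version, [cipher-suite ids]) from one TLS record holding a ClientHello."""
    ctype, _rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 1:
        raise ValueError("handshake message is not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    (version,) = struct.unpack_from("!H", hello, 0)
    pos = 2 + 32                  # skip client_version and the 32-byte random
    pos += 1 + hello[pos]         # skip the length-prefixed session_id
    (cs_len,) = struct.unpack_from("!H", hello, pos)
    suites = [struct.unpack_from("!H", hello, pos + 2 + i)[0] for i in range(0, cs_len, 2)]
    return version, suites

def survivors(suites, banned=("_DES_", "_3DES_")):
    """Offered suites still usable once the server drops DES-family ciphers.
    Ids missing from SUITES are kept and shown in hex, since their cipher is unknown here."""
    return [SUITES.get(s, hex(s)) for s in suites
            if not any(tag in SUITES.get(s, "") for tag in banned)]

def build_hello(version, suites):
    """Build a minimal ClientHello record without extensions (constructed sample input)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

# Constructed samples: a client offering only DES/3DES, and one that also offers AES.
LEGACY = build_hello(0x0301, [0x000A, 0x0009, 0x0016, 0x0015])
NEWER = build_hello(0x0303, [0x002F, 0x0035, 0x000A])

if __name__ == "__main__":
    for name, rec in (("legacy", LEGACY), ("newer", NEWER)):
        ver, suites = parse_client_hello(rec)
        left = survivors(suites) or "nothing left to negotiate, handshake fails"
        print(name, VERSIONS.get(ver, hex(ver)), left)
```

An empty result for a real capture means no newer DLL drop-in or server-side re-enable is needed to explain the break: the client library simply has no cipher in common with the tightened server policy.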