Delphi Indy 10 + TLS 1.2


I have a problem, when I1m trying to get a https image from a web site. The page uses TLS 1.2, so I use OpenSSL and it works for all the text I want to get from the page. When it comes to the picture, then I get the "underlying crypto error, error connecting with ssl, error 1409442E: SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version.

Does anyone have any idei what is causing this? I've tryed more SSL/TLS versions, but none of them worked. I use the latest dlls.

Thanks for any help in advance!
David TothAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
The message...

1409442E: SSL routines:SSL3_READ_BYTES:tlsv1

Open in new window

suggests you're allowing the SSL3 protocol which has been deprecated for years, as it can be cracked far to easily.

Run your site through the SSLLabs Tester + you'll see exactly what you must fix.

You're target report will resemble + be sure to go through every line of this report, as some lines relate to strength of security + other lines relate to speed of your connections.

In your SSL config, there will be a place to completely disable SSL2 + SSL3. Be sure to disable these + this will likely fix your problem.
David TothAuthor Commented:
Thank very much you for your answer!

I tested my browser and it does not support SSL3. In my delphi code I set the SSLOptions.Method:=sslvTLSv1_2. So I do not understand why this error returs all the time... Do you have any other idea? Is there a way to disable SSL3 in delphi?
David TothAuthor Commented:
I solved the problem. I used an OpenSSL version, that did not support TLS. I updated it to the latest version and everything works like a charm. :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David TothAuthor Commented:
I thought that I used the latest OpenSSL files, but I was wrong. Now I updated it and it solved my problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.