0

I am trying post under the ssl address service and i got connection timeout 10060., My ssl library and Indy SSl configurations is true because i used same code on email sending with gmail and another services.

I posted with postman it works.

my code

const
  Api = 'https://xxxx.xxxx.com/api/detection/Insert';

procedure TRestSender.SendThreats(CustomerId: Integer;
  DetectionName, Filename: String);
var
  PostData: TStringList;
  res: string;
  Https: TIdHttp;
  IdSSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  Https := Tidhttp.Create(nil);
  PostData := TStringList.Create;
  IdSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
  Https.ReadTimeout := 10000;
  Https.ConnectTimeout:= 10000;

  IdSSL.SSLOptions.Method := sslvTLSv1;
  // IdSSL.OnStatusInfo:= ssl1StatusInfo;
  IdSSL.SSLOptions.Mode := sslmClient;
  Https.IOHandler := IdSSL;
  try
    PostData.Add('Content-Type:application/x-www-form-urlencoded');
    PostData.Add('CustomerId=' + IntToStr(CustomerId));
    PostData.Add('DetectionName=' + DetectionName);
    PostData.Add('DeviceName=' + ComputerName());
    PostData.Add('Filename=' + Filename);
    PostData.Add('ApiUser=' + 'some-code');
    PostData.Add('ApiPass=' + 'some-paswd');
    res := Https.Post(Api, PostData);
  finally
    PostData.Free;
    Https.Free;
    IdSSL.Free;
  end;
end;
Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
Maximilliane
  • 37
  • 1
  • 7
  • 1
    On a side note, DO NOT add a `Content-Type` entry to your `PostData`. That value belongs in the `TIdHTTP.Request.ContentType` property instead: `Https.Request.ContentType := 'application/x-www-form-urlencoded';` which you actually don't need to do manually as the `TStrings` version of `TIdHTTP.Post()` handles that internally for you. – Remy Lebeau Aug 09 '18 at 18:02

1 Answers1

1

I have two suggestions:

  1. Wrong TLS version: More and more services disable TLS 1.0 and/or TLS1.1. The default version is TLS 1.0.

    const
  DEF_SSLVERSION = sslvTLSv1;
  DEF_SSLVERSIONS = [sslvTLSv1];

    So add the following line:

    IdSSL.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];

  2. Missing SNI support (an example for SNI).

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
complete_stranger
  • 753
  • 4
  • 18
  • thanks for suggestions, Its worked with SNI configurations. Many thanks. – Maximilliane Aug 09 '18 at 17:22
  • 1
    If you use `SSLOptions.SSLVersions`, DONT use `SSLOptions.Method` as well (and vice versa). Setting one updates the other. Also note that the order in which you specify the flags between the `[ ]` brackets doesn't matter, `[sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1]` and `[sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]` are identical. And yes, SNI is already handled automatically in recent versions of Indy. – Remy Lebeau Aug 09 '18 at 18:00
  • Thanks for comment @remy actually i have a question but i don't want to open new question, actually about same subject. I am using RestClient for same web service but on different project. When i call service under ssl RestClient getting same error (timeout 10600) How can i configure RestClient for ssl post and Get methods? – Maximilliane Aug 09 '18 at 18:07
  • @JamesFranklin That is a different question, not related to `TIdHTTP`, so it should be posted separately. Please follow StackOverflow's guidelines on this matter. In any case, I don't have an answer for that one, I don't know how the RestClient works internallly, or how to configure its SSL settings (if even possible). – Remy Lebeau Aug 09 '18 at 18:27