0

I get this error when I try to download a file using TIdHTTP component:

First chance exception at $76D8AAF2. Exception class EIdOSSLUnderlyingCryptoError with message
'Error connecting with SSL.
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version'.
Process Project1.exe (3684)

I have Indy version 10.6.2.5341 shipped with Embarcadero Rad Studio 10.1 Berlin.

I'm using IdSSLIOHandlerSocketOpenSSL with those options enabled:

[sslvtlsv1, sslvtlsv1_1, sslvtlsv1_2], but still same error, I also have ssl dlls in my application exe directory (libeay32.dll and ssleay32.dll) version 1.0.2u, got it from this post:

How can we connect with a website? Getting SSL error 1409442E

And this code I use to download a file:

const UnicodeString URL = "https://www.rarlab.com/rar/winrar-x64-60b1.exe";
    TMemoryStream *ms = new TMemoryStream();

    try
    {
        IdHTTP1->Get(URL, ms);
        ms->SaveToFile("E://winrar.exe");
    }
    __finally
    {
        delete ms;
    }

Update: I upgraded to Indy version 10.6.2.0 and still have the same SSL problem.

halocedark
  • 119
  • 2
  • 13
  • RAD Studio 10.1 Berlin DID NOT ship with Indy 10.1.5, which predates Berlin by over a decade (and didn't have `sslvTLSv1_1`/`sslvTLSv1_2` yet). You can check the exact version that shipped with Berlin [in the IDE](https://www.indyproject.org/2017/11/15/indy-version-info-added-to-delphi-cbuilder-ide/), but I know that XE4 shipped with 10.6.0.0, and Indy 10.6.2.0 was released just before XE8, so Berlin must have a newer version. I suggest you [upgrade](http://ww2.indyproject.org/Sockets/Docs/Indy10Installation.EN.aspx) to the latest from [Indy's GitHub repo](https://github.com/IndySockets/Indy/) – Remy Lebeau Nov 05 '20 at 17:31
  • After installation I see this error log `[ilink32 Error] Fatal: Unable to open file 'INDYSYSTEM.BPI'` I also added library path to the compiler. – halocedark Nov 05 '20 at 20:09
  • There is no `INDYSYSTEM.BPI` file in Indy 10, Indy's packages have version numbers in their filenames, and that includes the BPI files (yes, I know, that is not a good thing, it is an [open issue](https://github.com/IndySockets/Indy/issues/133)), so in this case `INDYSYSTEM240.BPI`. – Remy Lebeau Nov 05 '20 at 20:57
  • So, what is the solution to this? – halocedark Nov 05 '20 at 21:47
  • You have a bad package reference in whatever project is trying to use `INDYSYSTEM.BPI`, you need to fix that. – Remy Lebeau Nov 05 '20 at 21:51
  • I followed the intructions in the page you gave me, and ended up having that error, I followed instructions step by step, maybe you can help me. – halocedark Nov 05 '20 at 22:27
  • There is nothing wrong with the instructions, so you must not have followed them correctly, or you missed a step. Or, you simply have a bad/corrupted project to begin with. – Remy Lebeau Nov 05 '20 at 22:43
  • I re-installed my IDE and checked for Indy version and I found it's 10.6.2.5341. which means it's higher than the version that I upgraded to before which is 10.6.2.0, but why my applications showing me that SSL error I mentioned in my question, can you help please? – halocedark Nov 06 '20 at 11:20
  • "*which means it's higher than the version that I upgraded to*" - actually no. The last number has historically been an SVN revision number, and [Indy doesn't use SVN anymore, it now uses GitHub](https://www.indyproject.org/2019/11/28/indy-svn-retiring-long-live-github/), so the [last number is no longer populated](https://github.com/IndySockets/Indy/issues/292). When Indy was in SVN, the last number would get overwritten via a script before being compiled by Embarcadero, Fulgan, etc, but that no longer applies under GIT. No solution has been implemented yet to address this. – Remy Lebeau Nov 06 '20 at 17:04
  • "*why my applications showing me that SSL error I mentioned in my question*" - if you have upgraded to the latest version of Indy 10 and are still getting the same TLS alert, then either you have the `SSLIOHandler` configured incorrectly (please [edit] your question to show your exact setup), or you are using the wrong OpenSSL DLLs (what do the `IdSSLOpenSSL.OpenSSLVersion()` and `IdSSLOpenSSLHeaders.IsOpenSSL_TLSv1_(0|1|2)_Available()` functions report?). – Remy Lebeau Nov 06 '20 at 17:12
  • Where is Indy directory mentioned in the installation instructions [here](http://ww2.indyproject.org/Sockets/Docs/Indy10Installation.EN.aspx) in **After Compiling** – halocedark Nov 06 '20 at 17:13
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/224214/discussion-between-remy-lebeau-and-halocedark). – Remy Lebeau Nov 06 '20 at 17:15
  • I updated my question @Remy Lebeau, please read the **Update** – halocedark Nov 06 '20 at 19:02
  • Your Update doesn't add any new information that I had asked for. – Remy Lebeau Nov 06 '20 at 19:09
  • I'm using the same setup in my question, I just upgraded to Indy 10.6.2.0, but the same error is not solved – halocedark Nov 06 '20 at 19:14
  • You did not show how you are creating the `TIdHTTP` and `TIdSSLIOHandlerSocketOpenSSL` objects, what properties you are setting for them, etc. I need to see the ACTUAL SETUP you are using. Also, you didn't answer my earlier question about what the `IdSSLOpenSSL(Headers)` utility functions are actually reporting, so I can't even tell if you are using OpenSSL correctly. – Remy Lebeau Nov 06 '20 at 19:18
  • I solved the problem, I was using open ssl win 64 files from [here](https://github.com/IndySockets/OpenSSL-Binaries) , when I used win32 it the error is gone now. – halocedark Nov 06 '20 at 19:22
  • 1
    You can't use 64bit DLLs in a 32bit app, and vice versa. If you did, you should have gotten a load error and failed to even connect to the server, let alone get a TLS alert from the server. – Remy Lebeau Nov 06 '20 at 19:44

0 Answers0