SSL Issue

jptechon · January 25, 2022, 12:14pm

Hi,

delphi : 10.3.3 , RO: 10.0.0.1463.

I use the indyHttpserver and IdServerIOHandlerSSLOpenSSL to setup the SSL.

I hit the NET::ERR_SSL_OBSOLETE_VERSION when using browser to access the server.

below is my IdServerIOHandlerSSLOpenSSL :

object IdServerIOHandlerSSLOpenSSL1: TIdServerIOHandlerSSLOpenSSL
SSLOptions.Method = sslvSSLv23
SSLOptions.SSLVersions = [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]
SSLOptions.Mode = sslmUnassigned
SSLOptions.VerifyMode = []
SSLOptions.VerifyDepth = 0
OnGetPassword = IdServerIOHandlerSSLOpenSSL1GetPassword
OnGetPasswordEx = IdServerIOHandlerSSLOpenSSL1GetPasswordEx
Left = 144
Top = 288
end

Please advise why have this issue and how to fix? Is it openssl dll version too old?

joe

jptechon · January 25, 2022, 12:39pm

Hi,

I fixed the issue by update the openssl dll to new version. However , I check the ssl setup by some checker.
It reported the PCI DSS and Apple ATS is not passed. How’s this usage and should I need to handle it?

as I need to provide ios APP and android to call the restapi function in my DA server.

Please advise.

Joe

EvgenyK · January 25, 2022, 1:36pm

Hi,

AFAIR, Indy uses OpenSSL v1.0.2 that is outdated because OpenSSL v3 was released recently.

Socket channels (like TROHTTPServer) use OpenSSL v 1.1.1 and they can be updated for using OpenSSL v3.
see more at OpenSSL 3 thread