I came across a similar problem recently with Indy and did some research. There is a proposed patch to support OpenSSL 1.1.1 and hence TLS 1.3. This is discussed on GitHub under

https://github.com/IndySockets/Indy/pull/299

with a proposed patch published under

https://github.com/mezen/Indy/tree/NewOpenSSL_PR

I have tested this proposed patch out with Lazarus/fpc. It is clearly work in progress and seems to have been frozen while a proper upgrade to OpenSSL 3.2 is developed. There is little by way of additional documentation. However, I did get it working as a code library by

1. Adding to the unit path, in addition to the usual <indypath>Lib/Core, Lib/Protocols and Lib/System, the

<indypath>Lib/Protocols/OpenSSL

<indypath>Lib/Protocols/OpenSSL/dynamic

directories, and adding to the include path

<indypath>/Lib/FCL

2. Using the IdOpenSSLIOHandlerClient unit instead of the IdSSL, IdSSLOpenSSL units.

3. For an HTTP client, using the TIdOpenSSLIOHandlerClient class instead of the TIdSSLIOHandlerSocketOpenSSL class as the httpclient's SSLHandler (no need for any options).

4. Compiling and fixing a compile-time bug (stray ':' after an "out").

In my test program all then seemed to work fine with OpenSSL 1.1.1 and the updated Indy source.

On 13/01/2024 08:30, Michael Van Canneyt via lazarus wrote:


On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote:

I wrote a commit reporting application for Windows Server16 back in 2018 using
then current Lazarus/Fpc.
It is a command line program called from a hook in subversion to distribute the
log message and details of commits among co-workers.

It uses Indy 10.6.2 to do its job.
The mailer class has these in uses:
 {Indy units:}
 IdSMTP,
 IdMessage,
 IdEMailAddress,
 IdIOHandler,
 IdIOHandlerSocket,
 IdIOHandlerStack,
 IdSSL,
 IdSSLOpenSSL,
 IdExplicitTLSClientServerBase,
 IdMessageBuilder,

Back mid-December 2023 the emails stopped arriving but the problem was not discovered/reported until I myself recently did a commit and I did not get the
expected log message email...

Now I have looked in the logfiles the application creates and found this error
example:

20240111 17:13:35.343 Connecting to mailserver
20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL.
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

Can someone please advise:
- Is there an external (dll?) file on Windows Server 2016 that might need to be
updated for ssl to work in email handling using Indy10 with SSL?

Indy 10 uses a completely outdated version of the SSL library, which does
not have the most recent cryptographic routines (notably for tls).

Most likely the server was updated and now rejects this old version.

There is of course a new version of the openssl library (3.2.x).
The interface of that library changed, but to the best of my knowledge, indy does not support it.

The sgcWebSockets suite has an updated version of openssl which should be able to
support openssl 3, but that is paying software..

Michael.
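
Decoding the OpenSSL error code in the log excerpt quoted above shows whether a failure was raised locally or is a TLS alert sent by the server. This is an added example, not part of the original thread; it assumes the packed error-code layout of OpenSSL 1.0.x/1.1.x, and the names `decode`, `peer_alerts` and `SslError` are illustrative.

```python
import re
from typing import List, NamedTuple, Optional

# Packed error layout of OpenSSL 1.0.x/1.1.x (ERR_PACK): 8 bits library,
# 12 bits function, 12 bits reason. Assumed here; OpenSSL 3.x packs differently.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reason >= 1000 means "peer sent TLS alert N"

# Alert descriptions from RFC 5246 / RFC 8446 (handshake-related subset).
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security",
          86: "inappropriate_fallback"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


class SslError(NamedTuple):
    lib: int
    func: int
    reason: int
    peer_alert: Optional[str]  # None when the error was raised locally


def decode(line: str) -> Optional[SslError]:
    """Unpack the first OpenSSL error code found in a log line."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        n = reason - SSL_AD_REASON_OFFSET
        alert = ALERTS.get(n, f"alert_{n}")
    return SslError(lib, func, reason, alert)


def peer_alerts(lines: List[str]) -> List[str]:
    """Names of all TLS alerts the remote side sent, in log order."""
    found = (decode(line) for line in lines)
    return [e.peer_alert for e in found if e and e.peer_alert]


# First three lines are the log excerpt quoted in the thread; the last is constructed.
SAMPLE_LOG = [
    "20240111 17:13:35.343 Connecting to mailserver",
    "20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL.",
    "error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version",
    "error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure",
]

if __name__ == "__main__":
    print(peer_alerts(SAMPLE_LOG))
```

For the logged code `1409442E` the reason field is 1070, i.e. alert 70 (`protocol_version`): the server refused the TLS version the client offered.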