Thread: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


This question is answered. Helpful answers available: 2. Correct answers available: 1.


Replies: 2 - Last Post: Apr 23, 2018 3:41 PM - Last Post By: Cornelia von Sc...
Cornelia von Sc...
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure  
  Posted: Apr 20, 2018 2:56 PM
We are using the Indy TIdHTTP control to post data to a webpage as well as to make xml requests.
The HTTP variable uses an SSLIO handler which is set to use TLS version 1.2.
However, the receiver of our requests is telling us that at their current gateway (which accepts all protocol versions) we are coming in as TLS 1.0, not TLS version 1.2.
To test whether our end is setting the protocol to the correct version, they gave us another URL(*) to post to which only accepts the TLS version 1.2 protocol.
When we try to post to URL (*) we get this error:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure.
What could be the problem?
Thanks for your time
Cornelia

Here is my code:
var
  SSLIOHandler: TIdSSLIOHandlerSocketOpenSSL;
  HTTP: TIdHTTP;
  PostData: TStringStream;
begin
  // szXMLString, szGatewayURL and szServerResponse are declared outside
  // this fragment.
  // Each object is created before its try block, so the matching finally
  // only runs when the constructor has succeeded.
  SSLIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create;
  try
    SSLIOHandler.SSLOptions.Method := sslvTLSv1_2; // to use TLS version 1.2
    SSLIOHandler.SSLOptions.Mode := sslmClient;
    HTTP := TIdHTTP.Create;
    try
      HTTP.IOHandler := SSLIOHandler;
      PostData := TStringStream.Create(szXMLString, TEncoding.UTF8);
      try
        szServerResponse := Trim(HTTP.Post(szGatewayURL, PostData));
      finally
        PostData.Free;
      end;
    finally
      HTTP.Free;
    end;
  finally
    SSLIOHandler.Free;
  end;
end;

Remy Lebeau (Te...
Re: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
  Posted: Apr 23, 2018 2:46 PM   in response to: Cornelia von Sc...
Cornelia von Schellwitz wrote:

We are using the Indy TIdHTTP control to post data to a webpage as
well as to make xml requests. The HTTP variable uses an SSLIO
handler which is set to use TLS version 1.2.

However, the receiver of our requests is telling us that at their
current gateway (which accepts all protocol versions) we are coming in
as TLS 1.0, not TLS version 1.2.

Are you using up-to-date versions of Indy and the OpenSSL DLLs?

If you are using older OpenSSL DLLs that do not support TLS 1.2, Indy
will silently downgrade to TLS 1.0. And if you are not using the
latest version of Indy that enables the TLS SNI extension when
connecting to a server, OpenSSL itself may downgrade to TLS 1.0 as well.

--
Remy Lebeau (TeamB)
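
A start-up check for the situation described in the reply above, as an added example that is not part of the thread or of Indy itself: it reads the version banner of the OpenSSL DLLs that Indy actually loaded and raises an exception if they predate OpenSSL 1.0.1, the first release with TLS 1.2, so the request is never sent over a downgraded protocol. BannerSupportsTLS12 and RequireTLS12CapableOpenSSL are hypothetical names; LoadOpenSSLLibrary, OpenSSLVersion and WhichFailedToLoad are Indy 10 functions.

```delphi
uses
  SysUtils, IdSSLOpenSSL, IdSSLOpenSSLHeaders;

// Hypothetical helper: True when a banner such as
// 'OpenSSL 1.0.2u  20 Dec 2019' reports version 1.0.1 or later.
function BannerSupportsTLS12(const Banner: string): Boolean;
var
  Ver: string;
  Major, Minor, Fix: Integer;

  // Consume the leading digits of Ver plus one trailing '.';
  // returns -1 when Ver does not start with a digit.
  function NextNumber: Integer;
  var
    N: Integer;
  begin
    N := 0;
    while (N < Length(Ver)) and CharInSet(Ver[N + 1], ['0'..'9']) do
      Inc(N);
    Result := StrToIntDef(Copy(Ver, 1, N), -1);
    Delete(Ver, 1, N);
    if (Ver <> '') and (Ver[1] = '.') then
      Delete(Ver, 1, 1);
  end;

begin
  Result := False;
  if Pos('OpenSSL ', Banner) <> 1 then
    Exit; // empty or unexpected banner: fail closed
  Ver := Copy(Banner, Length('OpenSSL ') + 1, MaxInt);
  Major := NextNumber;
  Minor := NextNumber;
  Fix := NextNumber;
  if (Major < 0) or (Minor < 0) or (Fix < 0) then
    Exit;
  Result := (Major > 1) or ((Major = 1) and ((Minor > 0) or (Fix >= 1)));
end;

// Hypothetical guard: call once before the first HTTPS request.
procedure RequireTLS12CapableOpenSSL;
var
  Banner: string;
begin
  if not LoadOpenSSLLibrary then
    raise Exception.Create('OpenSSL DLLs failed to load: ' + WhichFailedToLoad);
  Banner := OpenSSLVersion; // banner of the DLLs Indy bound to
  if not BannerSupportsTLS12(Banner) then
    raise Exception.CreateFmt('OpenSSL "%s" predates 1.0.1: no TLS 1.2', [Banner]);
end;
```

The banner shows which DLLs the process really picked up, which can differ from the ones shipped with the application if an older copy sits earlier in the DLL search path.
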
Cornelia von Sc...
Re: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
  Posted: Apr 23, 2018 3:41 PM   in response to: Remy Lebeau (Te...
Thanks so much!
Outdated DLLs were indeed the problem.
Cornelia

