delphi – tidhttp:奇怪的SSLv3_READ_BYTES错误(直接设置TLSv1_
简单代码:
procedure TForm1.Button1Click(Sender: TObject); //var //h: tIdHTTP; //SSL: TIdSSLIOHandlerSocketOpenSSL; begin h.IOHandler := SSL; SSL.SSLOptions.Method := sslvTLSv1_2; SSL.SLLOptions.SSLVersion := [sslvTLSv1_2]; //must be set automatically after SetMethod,but just to be sure h.Get('https://www.deviantart.com/users/login'); end; 那个简单的代码给了我一个错误:
我使用Delphi XE3和OpenSSL 1.0.2b库. if not (sslvSSLv2 in SSLVersions) then begin SSL_CTX_set_options(fContext,SSL_OP_NO_SSLv2); end; if not (sslvSSLv3 in SSLVersions) then begin SSL_CTX_set_options(fContext,SSL_OP_NO_SSLv3); end; if not (sslvTLSv1 in SSLVersions) then begin SSL_CTX_set_options(fContext,SSL_OP_NO_TLSv1); end; 但sslv3的操作仍然以某种方式进行.看起来不像组件的bug.某个库内部,或者indy在设置参数时没有考虑到什么? 或者实际上是我,谁没有注意到重要的事情? 测试(尝试所有方法,包括TLS1.2)https://www.deviantart.com/users/login Resolving hostname www.deviantart.com. Connecting to 54.230.96.81. Handshake Start: before/connect initialization Connect Loop: before/connect initialization Connect Loop: SSLv3 write client hello A fatal Read Alert: handshake failure Connect Failed: SSLv3 read server hello A ERROR: Error connecting with SSL. error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure >对于SSL3和TLS1 / 1.1 / 1.2结果相同; 对类似资源进行测试(仅限TLS1.2)https://files.yande.re/image/da9afa6d9ca43a9f154fad69f76adb85.jpg Resolving hostname files.yande.re. Connecting to 5.39.10.56. Handshake Start: before/connect initialization Connect Loop: before/connect initialization Connect Loop: SSLv3 write client hello A Connect Loop: SSLv3 read server hello A Connect Loop: SSLv3 read server certificate A Connect Loop: SSLv3 read server key exchange A Connect Loop: SSLv3 read server done A Connect Loop: SSLv3 write client key exchange A Connect Loop: SSLv3 write change cipher spec A Connect Loop: SSLv3 write finished A Connect Loop: SSLv3 flush data Connect Loop: SSLv3 read server session ticket A Connect Loop: SSLv3 read finished A Handshake Done: SSL negotiation finished successfully Connect Exit: SSL negotiation finished successfully 我的WireShark测试: > Indy:http://imgur.com/BZ84Cl3(响应是握手失败); 解决方法
警报握手失败意味着初始握手在服务器端失败,因此它会在关闭连接之前发送警报通知您的客户端.您可能没有设置服务器期望的兼容证书或密码套件.或者服务器可能根本不支持TLS 1.2.请尝试使用TLS 1.0或TLS 1.1.此外,您可以尝试使用OpenSSL自己的s_client工具来调试连接问题,直到找出正确的设置,然后根据需要将它们应用于Indy.或者,使用Wireshark查看实际握手并查看它在哪个阶段失败.
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |