These are chat archives for IndySockets/Indy

12th
Oct 2016
Ludwig Behm
@lbehm
Oct 12 2016 08:21
@clust3rsekt0r wich ssl versions does the server support? and wich does your client support? Test the server with openssl s_client and try all the -tls* / -ssl switches
It may be the case that some doesn't accept ssl2/ssl3 anymore.
Walter Prins
@ByteJuggler
Oct 12 2016 15:04
@rlebeau Did a test today cutting out the proxy server, which then passed. So it seems there's some issue with the proxy setup that doesn't matter with older Delphi code but is exposed with newer SNI code for reasons unknown. The following seems perhaps related: http://www.squid-cache.org/mail-archive/squid-users/201406/0335.html And further: http://wiki.squid-cache.org/Features/SslPeekAndSplice I'll follow this up with the network guys here... That said, is it possible to easily instruct Indy to disable the SNI support (or remove the header) to essentially revert to the older behaviour in the meantime?
Remy Lebeau
@rlebeau
Oct 12 2016 16:51
@ByteJuggler unfortunately no. SNI usage is hard-coded, so you would have to alter and recompile Indy to disable use of SNI. Indy does not initiate an SSL/TLS handshake until after a proxy has established a connection to the HTTPS server