These are chat archives for IndySockets/Indy

29th
Mar 2017
Sergey
@icegood
Mar 29 2017 11:42

Hello, Remy. Here are my results of the migration from Indy9 to Indy10 of secured email via different hosts.

Preconditions:
1) Port is hardcoded to 465
2) Services to check: mailtrap.io and smtp.gmail.com
3) In our application the user can manually choose which type of SSL to use. By default it is OpenSSLv23, i.e. negotiation to choose the version is allowed.
Results:
Indy 9 code worked under those settings for both mailtrap.io and smtp.gmail.com.
smtp.gmail.com negotiated with the client to TLSv1

Under Indy10, negotiation with mailtrap.io works fine.
With smtp.gmail.com, negotiation doesn't work (why didn't it negotiate to TLS at all?), but after applying the 'magic line'
AIdSMTP.UseTLS := utUseImplicitTLS;
smtp.gmail.com began to understand the application in negotiation mode too, and negotiation resolved to TLSv1.2.

Now the question is: is it reliable to leave this line, provided the end user would have their own mail server settings?
And why negotiation didn't work without that line?

Remy Lebeau
@rlebeau
Mar 29 2017 15:26
@icegood You must set UseTLS appropriately, as that governs how SSL/TLS is used during the SMTP session. UseTLS=utNoTLSSupport is the default, it means no SSL/TLS is used. UseTLS=utUseImplicitTLS performs an SSL/TLS handshake as soon as the socket is connected, before any SMTP traffic is exchanged. UseTLS=utUseExplicitTLS connects the socket initially unsecure and then issues an SMTP STARTTLS command to perform a handshake only if the server advertises support for that. Indy 9 did not support STARTTLS at all. Indy 10 does. So you have to specify which mode to use. Not all servers support STARTTLS, but those that do offer it for legacy clients so they don't have to use SSL/TLS if they don't want to. GMail supports both modes. Port 465 is SMTP's implicit SSL port, port 587 is the explicit TLS port.
Justin
@klsyzzz
Mar 29 2017 23:06
Hi there, I'm trying to use Indy for SMTP and getting the error 'SSL Negotiation failed'. I think the one before this is 'Could not Load SSL Library'. Can you please help?
Justin
@klsyzzz
Mar 29 2017 23:26
Never mind, I figured it out. I downloaded the DLLs for openssl-1.0.2k-x64_86-win64; after replacing them with openssl-1.0.2k-i386-win32 it works OK.
Our application is 32bit but my dev environment is 64, so I was assuming I should use the 64 bit. Turns out it's not.
Remy Lebeau
@rlebeau
Mar 29 2017 23:41
@klsyzzz you have to match the bitness of your compiled executable, not your development environment. A 32bit executable can only use 32bit DLLs. A 64bit executable can only use 64bit DLLs.