These are chat archives for IndySockets/Indy

26th
Jul 2018
Ana Knickerbocker
@anaknickerbocker
Jul 26 2018 19:43
Is there any documentation for setting up Indy with TLS 1.2? I'm getting a Socket Error #10054, Connection reset by peer.
Remy Lebeau
@rlebeau
Jul 26 2018 19:49
@anaknickerbocker no formal documentation, no. Simply enable sslvTLSv1_2 in the TIdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions property. If the server is resetting the connection, then it likely doesn't like something that is in your TLS handshake (like perhaps if TLS 1.2 is not actually being used, because Indy couldn't find it and fell back to TLS 1.0), and then resets the socket immediately without sending a TLS alert. Hard to say for sure without seeing a capture of the actual handshake
Ana Knickerbocker
@anaknickerbocker
Jul 26 2018 19:51
image.png
I did enable sslvTLSv1_2, but it is falling back to TLS 1.0
Remy Lebeau
@rlebeau
Jul 26 2018 19:53
@anaknickerbocker what platform are you running your app on? What does IdSSLOpenSSLHeaders.IsOpenSSL_TLSv1_2_Available() return?
Remy Lebeau
@rlebeau
Jul 26 2018 20:02
@anaknickerbocker and what version of OpenSSL are you using?
Ana Knickerbocker
@anaknickerbocker
Jul 26 2018 20:14
OpenSSL version 1.0.2o, IdSSLOpenSSLHeaders.IsOpenSSL_TLSv1_2_Available() returns true
App is an add-in for Microsoft Word
Remy Lebeau
@rlebeau
Jul 26 2018 20:19
@anaknickerbocker are you using sslvTLSv1_2 by itself, or do you have other versions enabled in the SSLVersions property, too?
Ana Knickerbocker
@anaknickerbocker
Jul 26 2018 20:27
I've tried using just sslvTLSv1_2, but now I'm using sslvSSLv23
Remy Lebeau
@rlebeau
Jul 26 2018 20:36
@anaknickerbocker Please don't use sslvSSLv23 directly. It is a wildcard for Indy's internal use. Enable only the particular versions you actually want to use. But if you use just sslvTLSv1_2 by itself, I don't see how that can possible fallback to TLS 1.0 when IsOpenSSL_TLSv1_2_Available() is true.
@anaknickerbocker what version of Indy are you using?