Re: Problem using IdTCPClient and IdTCPServer with ssl and certificates

Giganews Newsgroups
Subject: Re: Problem using IdTCPClient and IdTCPServer with ssl and certificates
Posted by:  Remy Lebeau (re…@lebeausoftware.org)
Date: Wed, 3 Oct 2012

Chus wrote:

> Socket Error # 10060
> Connection timed out.

That has nothing to do with certificates.  You don't have your SSL settings
configured correctly.  Most likely, your client and server are not configured
to use the same SSL/TLS version (SSLv2, SSLv3, TLSv1, etc.), so the client
is not able to read the server's handshake reply correctly.

> FIdSSLIOHandler.SSLOptions.SSLVersions  :=
> [sslvSSLv23,sslvTLSv1];

sslvSSLv23 is a special wildcard.  You should not mix it with other values
like that.  Internally, the SSLOptions.SSLVersions property setter will strip
it out if it is mixed, leaving the SSLOptions.SSLVersions set to just [sslvTLSv1]
by itself, but will have set the SSLOptions.Method to sslvSSLv23 instead.
So either use sslvSSLv23 or sslvTLSv1 by itself, not together.  For a server,
it makes sense to use just sslvTLSv1.  On the client side, it makes sense
to use sslvSSLv23 by itself so the client can dynamically detect which SSL/TLS
version the server is using.  If the client knows ahead of time that the
server is using sslvTLSv1 then the client can use sslvTLSv1 by itself instead.

> FIdSSLIOHandler.Port                    := 23000;
> FIdSSLIOHandler.Host                    := '127.0.0.1';

Don't set those manually.  Connect() handles that internally for you.

--
Remy Lebeau (Indy Team)
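
Added example, not part of the original post or Indy's own code: one way to apply the advice above, with the server pinned to sslvTLSv1 and the client using sslvSSLv23 by itself, and Host/Port set on the client component rather than on the IOHandler. The unit name, the TServerEvents class, the certificate file names and both PassThrough assignments are assumptions that do not appear in the thread.

```delphi
unit SslVersionSetup;

interface

uses
  IdTCPClient, IdTCPServer, IdContext, IdSSL, IdSSLOpenSSL;

type
  TServerEvents = class  // hypothetical holder for the OnConnect handler
    procedure Connect(AContext: TIdContext);
  end;

procedure ConfigureServer(AServer: TIdTCPServer; AEvents: TServerEvents);
procedure ConfigureClient(AClient: TIdTCPClient);

implementation

// Assumption (not in the post): accepted sockets start in pass-through mode,
// so the handshake is switched on for each connection.
procedure TServerEvents.Connect(AContext: TIdContext);
begin
  if AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase then
    TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := False;
end;

procedure ConfigureServer(AServer: TIdTCPServer; AEvents: TServerEvents);
var
  LSSL: TIdServerIOHandlerSSLOpenSSL;
begin
  LSSL := TIdServerIOHandlerSSLOpenSSL.Create(AServer);
  LSSL.SSLOptions.Mode := sslmServer;
  LSSL.SSLOptions.SSLVersions := [sslvTLSv1];  // one fixed version, no wildcard
  LSSL.SSLOptions.CertFile := 'server.crt';    // placeholder file names
  LSSL.SSLOptions.KeyFile := 'server.key';
  AServer.IOHandler := LSSL;
  AServer.DefaultPort := 23000;
  AServer.OnConnect := AEvents.Connect;
end;

procedure ConfigureClient(AClient: TIdTCPClient);
var
  LSSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  LSSL := TIdSSLIOHandlerSocketOpenSSL.Create(AClient);
  LSSL.SSLOptions.Mode := sslmClient;
  // The question used [sslvSSLv23, sslvTLSv1]; the wildcard goes in alone.
  LSSL.SSLOptions.SSLVersions := [sslvSSLv23];
  LSSL.PassThrough := False;  // assumption: handshake on Connect()
  AClient.IOHandler := LSSL;
  AClient.Host := '127.0.0.1';  // set on the client, not on the IOHandler
  AClient.Port := 23000;
end;

end.
```

Indy releases that define sslvTLSv1_1 and sslvTLSv1_2 take those values in SSLVersions in the same place.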

In response to

Problem using IdTCPClient and IdTCPServer with ssl and certificates posted by Chus GZ on Wed, 3 Oct 2012