BorlandTalk.com Forum Index BorlandTalk.com
Borland discussion newsgroups
 

OpenSSL requirements

 
BorlandTalk.com Forum Index -> Delphi Internet Winsock
Darryl Strickland
Posted: Thu Aug 24, 2006 11:43 pm    Post subject: OpenSSL requirements

When using OpenSSL to connect to an email server via IMAP and SMTP are
certificates required? I have tried with implicitTLS and explicitTLS and
every possible combination but none is reliable.

Thanks
Darryl

Eugene Mayevski
Posted: Thu Aug 24, 2006 11:51 pm    Post subject: Re: OpenSSL requirements

Hello!
You wrote on Thu, 24 Aug 2006 14:43:22 -0400:

DS> When using OpenSSL to connect to an email server via IMAP and SMTP are
DS> certificates required? I have tried with implicitTLS and explicitTLS
DS> and every possible combination but none is reliable.

The question is not really openssl-specific, but about TLS. Server-side
certificates are required to authenticate the server. There exist anonymous
cipher suites for TLS, but this doesn't make much sense. Client-side
certificates *may* be required by the server to authenticate the client.
Presence of this requirement depends on the actual server setup.

With best regards,
Eugene Mayevski
Back to top
Darryl Strickland
Guest





PostPosted: Fri Aug 25, 2006 12:32 am    Post subject: Re: OpenSSL requirements Reply with quote



Eugene,
Thanks for the answer. What I'm trying to figure out is why ssl connects
some of the time and others it fails to this mail server. When it fails I
have received the TLS Handshake error and other times no meaningful
errors. Any ideas? I'm using the latest build of Indy with Openssl but I
had the same results with an earlier 10x version of Indy and Indy openssl
before I upgraded a couple of days ago.

Thanks
Darryl

Eugene Mayevski
Posted: Fri Aug 25, 2006 12:47 am    Post subject: Re: OpenSSL requirements

Hello!
You wrote on Thu, 24 Aug 2006 15:32:21 -0400:

DS> Thanks for the answer. What I'm trying to figure out is why ssl
DS> connects some of the time and others it fails to this mail server.
DS> When it fails I have received the TLS Handshake error and other times
DS> no meaningful errors.

Is it the same server each time? Frankly speaking I didn't work with OpenSSL
(our developers did), but you can use SecureBlackbox 5 beta
(http://www.eldos.com/sbb/download.php) and its TElSimpleSMTPClient to do
the tests. At least you will get the detailed error report and will be able
to diagnose the problem.

With best regards,
Eugene Mayevski

Remy Lebeau (TeamB)
Posted: Fri Aug 25, 2006 12:49 am    Post subject: Re: OpenSSL requirements

"Darryl Strickland" <dstrickland (AT) integratedconsole (DOT) com> wrote in message
news:44edf2cd$1 (AT) newsgroups (DOT) borland.com...

Quote:
When using OpenSSL to connect to an email server via IMAP
and SMTP are certificates required?

No.

Quote:
I have tried with implicitTLS and explicitTLS and every possible
combination but none is reliable.

What EXACTLY have you tried? Which components are you using? What does
your code look like?


Gambit

Remy Lebeau (TeamB)
Posted: Fri Aug 25, 2006 12:51 am    Post subject: Re: OpenSSL requirements

"Darryl Strickland" <dstrickland (AT) integratedconsole (DOT) com> wrote in message
news:44edfe48 (AT) newsgroups (DOT) borland.com...

Quote:
What I'm trying to figure out is why ssl connects some of the time
and others it fails to this mail server. When it fails I have received
the TLS Handshake error and other times no meaningful errors.

If it is the same server each time, then contact the email server
administrator and ask about it.


Gambit

Darryl Strickland
Posted: Fri Aug 25, 2006 2:10 am    Post subject: Re: OpenSSL requirements

This is how I'm creating the Id components to use with OpenSSL. I have
tried all the SSLOption combinations but this works the best but still fails
50% of the time. In the main thread it works about 75% of the time but in
background threads about 50% but sometimes fails every time.

I've tried every combination of these three settings.

SSLOptions.Method := sslvTLSv1;
SSLOptions.Mode := sslmBoth;
SSLOptions.VerifyMode := [sslvrfClientOnce];


Here's the code:

var
  IdUserPassProvider1: TIdUserPassProvider;
  IdSSLIOHandlerSocketOpenSSLSmtp: TIdSSLIOHandlerSocketOpenSSL;
  IdSASLLogin1: TIdSASLLogin;
  IdSASLCRAMMD51: TIdSASLCRAMMD5;
  IdSASLAnonymous1: TIdSASLAnonymous;
  TheSMTP: TIdSMTP;
begin

  IdUserPassProvider1 := TIdUserPassProvider.Create(Self);
  with IdUserPassProvider1 do
  begin
    Password := frmMain.YourPassword;
    Username := frmMain.YourAccount;
  end;

  IdSSLIOHandlerSocketOpenSSLSmtp :=
    TIdSSLIOHandlerSocketOpenSSL.Create(Self);
  with IdSSLIOHandlerSocketOpenSSLSmtp do
  begin
    Destination := 'smtp.onebox.com:465';
    Host := 'smtp.onebox.com';
    Port := 465;
    DefaultPort := 0;
    SSLOptions.Method := sslvTLSv1;
    SSLOptions.Mode := sslmBoth;
    SSLOptions.VerifyMode := [sslvrfClientOnce];
    SSLOptions.VerifyDepth := 0;
    PassThrough := True;
    OnStatusInfo := IdSSLIOHandlerSocketOpenSSLSmtpStatusInfo1;
    OnVerifyPeer := IdSSLIOHandlerSocketOpenSSLSmtpVerifyPeer1;
    OnStatus := IdSSLIOHandlerSocketOpenSSLSmtpStatus1;
    OnBeforeConnect := beforeconnectSSLSMTP1;
    OnAfterConnect := afterconnectSSLSMTP1;
    OnErrorConnect := errorConnectSSLSMTP1;
  end;

  IdSASLCRAMMD51 := TIdSASLCRAMMD5.Create(Self);
  with IdSASLCRAMMD51 do
  begin
    UserPassProvider := IdUserPassProvider1;
  end;

  IdSASLLogin1 := TIdSASLLogin.Create(Self);
  with IdSASLLogin1 do
  begin
    UserPassProvider := IdUserPassProvider1;
  end;

  IdSASLAnonymous1 := TIdSASLAnonymous.Create(Self);

  TheSMTP := TIdSMTP.Create(Self);
  with TheSMTP do
  begin
    OnStatus := TheSMTPStatus1;
    IOHandler := IdSSLIOHandlerSocketOpenSSLSmtp;
    OnDisconnected := TheSMTPDisconnected1;
    OnWork := TheSMTPWork1;
    OnWorkBegin := TheSMTPWorkBegin1;
    OnWorkEnd := TheSMTPWorkEnd1;
    OnFailedRecipient := TheSMTPFailedRecipient1;

    AuthType := atSASL;
    Host := 'smtp.onebox.com';
    Port := 465;
    Password := frmMain.YourPassword;
    Username := frmMain.YourAccount;
    UseTLS := utUseImplicitTLS;

    with SASLMechanisms.Add do begin
      SASL := IdSASLCRAMMD51;
    end;
    with SASLMechanisms.Add do begin
      SASL := IdSASLLogin1;
    end;
    with SASLMechanisms.Add do begin
      SASL := IdSASLAnonymous1;
    end;
    UseTLS := utUseImplicitTLS;
    OnTLSNotAvailable := TheSMTP1TLSNotAvailable;

  end;



===================

The SSL Status messages return these statuses when it makes a good
connection from the OnStatusInfo in the IdSSLIOHandlerSocketOpenSSL

8/17/2006 3:56:15 PM | SSL status: "before/connect initialization"
8/17/2006 3:56:15 PM | SSL status: "SSLv3 write client hello A"
8/17/2006 3:56:15 PM | SSL status: "SSLv3 read server hello A"
8/17/2006 3:56:15 PM | SSL status: "SSLv3 read server certificate A"
8/17/2006 3:56:15 PM | SSL status: "SSLv3 read server done A"
8/17/2006 3:56:15 PM | SSL status: "SSLv3 write client key exchange A"
8/17/2006 3:56:16 PM | SSL status: "SSLv3 write change cipher spec A"
8/17/2006 3:56:16 PM | SSL status: "SSLv3 write finished A"
8/17/2006 3:56:16 PM | SSL status: "SSLv3 flush data"
8/17/2006 3:56:16 PM | SSL status: "SSLv3 read finished A"
8/17/2006 3:56:16 PM | SSL status: "SSL negotiation finished successfully"
8/17/2006 3:56:16 PM | Cipher: name = RC4-MD5; description = RC4-MD5
SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
; bits = 128; version = TLSv1/SSLv3;


However, when it fails it returns these messages before it raises an
exception in TIdSSLSocket.Connect
8/17/2006 3:56:15 PM | SSL status: "before/connect initialization"
8/17/2006 3:56:15 PM | SSL status: "SSLv3 write client hello B"

Then it fails.




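Added example (not part of the original thread, and not Indy or OpenSSL code): a small Python script that splits OnStatusInfo lines of the form quoted in the post above into handshake attempts and reports how far each one got, which makes an intermittent failure rate measurable. The names parse_attempts, summarize and the outcome labels are assumptions of this example; the sample log is constructed from the two traces in the post.

```python
import re
from dataclasses import dataclass, field

# Line format taken from the OnStatusInfo output quoted in the post.
STATUS_RE = re.compile(r'^(?P<ts>.+?) \| SSL status: "(?P<state>[^"]+)"\s*$')
START = "before/connect initialization"
DONE = "SSL negotiation finished successfully"


@dataclass
class Attempt:
    started: str
    states: list = field(default_factory=list)

    @property
    def outcome(self):
        if DONE in self.states:
            return "completed"
        # Any "read server ..." state means the server answered the ClientHello.
        if any("read server" in s for s in self.states):
            return "failed-after-server-reply"
        return "no-server-reply"


def parse_attempts(log_text):
    """Split status lines into handshake attempts; each starts at START."""
    attempts = []
    for line in log_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # cipher summary and other non-status lines
        if m["state"] == START or not attempts:
            attempts.append(Attempt(started=m["ts"]))
        attempts[-1].states.append(m["state"])
    return attempts


def summarize(attempts):
    """Count attempts per outcome and keep the last state of each failure."""
    counts, last_states = {}, []
    for a in attempts:
        counts[a.outcome] = counts.get(a.outcome, 0) + 1
        if a.outcome != "completed":
            last_states.append(a.states[-1])
    return counts, last_states


# Constructed sample: the two traces from the post, the good one abbreviated.
SAMPLE_LOG = "\n".join(
    f'8/17/2006 3:56:15 PM | SSL status: "{s}"' for s in [
        START, "SSLv3 write client hello A", "SSLv3 read server hello A",
        "SSLv3 read server certificate A", "SSLv3 read finished A", DONE,
        START, "SSLv3 write client hello B"])

if __name__ == "__main__":
    print(summarize(parse_attempts(SAMPLE_LOG)))
```

The script assumes the lines of one connection are contiguous in the log. When several threads connect at once, as in the post, write a per-connection identifier into each status line and group on that instead.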

Darryl Strickland
Posted: Fri Aug 25, 2006 4:07 am    Post subject: Re: OpenSSL requirements

Eugene,
I downloaded and installed the latest version of SecureBlackbox 5 beta but I
cannot find any mention of TELSimpleSMTPClient or demos. Where should this
be?

Thanks
Darryl


Eugene Mayevski
Posted: Fri Aug 25, 2006 8:11 am    Post subject: Re: OpenSSL requirements

Hello!
You wrote on Thu, 24 Aug 2006 19:07:27 -0400:

DS> I downloaded and installed the latest version of SecureBlackbox 5 beta
DS> but I cannot find any mention of TELSimpleSMTPClient or demos. Where
DS> should this be?

MailBBox*.bpl. Please use HelpDesk (
http://www.eldos.com/support/ticket_list.php ) for SecureBlackbox questions.

With best regards,
Eugene Mayevski

All times are GMT