Indy 10 (Delphi 10.2), HTTPS: no shared cipher (newbie question) - PullRequest
0 votes
/ September 26, 2018

This is my first experience using SSL with the Indy 10 TIdHTTPServer (in combination with a TIdServerIOHandlerSSLOpenSSL IOHandler), and I have hit a wall.

I created a small test application that successfully serves a small test page over HTTP to the Google Chrome browser, but when I try to fetch the same page over HTTPS, Chrome reports: "The client and server don't support a common SSL protocol version or cipher suite."

I have read many posts and tried various combinations of settings in an attempt to reach my test page over HTTPS, but all to no avail. In some posts where people eventually succeeded, adding a certificate was the trick; however, I saw another post noting that certificates are not strictly necessary, so I am confused on this point.

Here are my current settings:

object IdHTTPServer: TIdHTTPServer
  OnStatus = IdHTTPServerStatus
  Bindings = <
    item
      IP = '127.0.0.1'
      Port = 80
    end
    item
      IP = '127.0.0.1'
      Port = 443
    end>
  IOHandler = IdServerIOHandlerSSLOpenSSL
  OnBeforeBind = IdHTTPServerBeforeBind
  OnAfterBind = IdHTTPServerAfterBind
  OnBeforeListenerRun = IdHTTPServerBeforeListenerRun
  OnContextCreated = IdHTTPServerContextCreated
  OnConnect = IdHTTPServerConnect
  OnDisconnect = IdHTTPServerDisconnect
  OnException = IdHTTPServerException
  OnListenException = IdHTTPServerListenException
  KeepAlive = True
  OnCommandError = IdHTTPServerCommandError
  OnCommandOther = IdHTTPServerCommandOther
  OnCreateSession = IdHTTPServerCreateSession
  OnInvalidSession = IdHTTPServerInvalidSession
  OnHeadersAvailable = IdHTTPServerHeadersAvailable
  OnHeadersBlocked = IdHTTPServerHeadersBlocked
  OnHeaderExpectations = IdHTTPServerHeaderExpectations
  OnParseAuthentication = IdHTTPServerParseAuthentication
  OnQuerySSLPort = IdHTTPServerQuerySSLPort
  OnSessionStart = IdHTTPServerSessionStart
  OnSessionEnd = IdHTTPServerSessionEnd
  OnCreatePostStream = IdHTTPServerCreatePostStream
  OnDoneWithPostStream = IdHTTPServerDoneWithPostStream
  OnCommandGet = IdHTTPServerCommandGet
  Left = 304
  Top = 97
end
object IdServerIOHandlerSSLOpenSSL: TIdServerIOHandlerSSLOpenSSL
  OnStatus = IdServerIOHandlerSSLOpenSSLStatus
  SSLOptions.Method = sslvSSLv23
  SSLOptions.SSLVersions = [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]
  SSLOptions.Mode = sslmUnassigned
  SSLOptions.VerifyMode = []
  SSLOptions.VerifyDepth = 0
  SSLOptions.CipherList =
    'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RS' +
    'A-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECD' +
    'HE-RSA-AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-' +
    'SHA:DES-CBC3-SHA'
  OnStatusInfo = IdServerIOHandlerSSLOpenSSLStatusInfo
  OnStatusInfoEx = IdServerIOHandlerSSLOpenSSLStatusInfoEx
  OnGetPassword = IdServerIOHandlerSSLOpenSSLGetPassword
  OnGetPasswordEx = IdServerIOHandlerSSLOpenSSLGetPasswordEx
  OnVerifyPeer = IdServerIOHandlerSSLOpenSSLVerifyPeer
  Left = 416
  Top = 105
end

Every event is hooked up and logged; the log comes out like this:

17:47:23.814 [ 0.371] IdHTTPServerBeforeBind: AHandle=0337C960
17:47:23.817 [ 0.003] IdHTTPServerBeforeBind: AHandle=0337C9A0
17:47:23.819 [ 0.002] IdHTTPServerAfterBind: Sender=03A9CBA0
17:47:23.866 [ 0.047] IdHTTPServerBeforeListenerRun: AThread=033150F0
17:47:23.879 [ 0.013] IdHTTPServerBeforeListenerRun: AThread=03315160
17:47:30.889 [ 7.010] IdHTTPServerContextCreated: AContext=00678CCC
17:47:30.889 [ 0.000] IdHTTPServerContextCreated: AContext=00678CCC
17:47:30.927 [ 0.038] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "before/accept initialization"
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=16; Aret=1
17:47:30.927 [ 0.000]   AType=Handshake Start; AMsg=before/accept initialization
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "before/accept initialization"
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=8193; Aret=1
17:47:30.927 [ 0.000]   AType=Accept Loop; AMsg=before/accept initialization
17:47:30.928 [ 0.001] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "SSLv3 read client hello C"
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=16392; Aret=552
17:47:30.928 [ 0.000]   AType=fatal Write Alert; AMsg=handshake failure
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "error"
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=8194; Aret=-1
17:47:30.928 [ 0.000]   AType=Accept Error; AMsg=error
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "error"
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=8194; Aret=-1
17:47:30.928 [ 0.000]   AType=Accept Error; AMsg=error
17:47:30.999 [ 0.071] IdHTTPServerDisconnect: AContext=00678CCC
17:47:30.999 [ 0.000] IdHTTPServerException: AContext=0338E410; Exception: Error accepting connection with SSL.<CR><LF>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
17:47:31.051 [ 0.052] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:31.068 [ 0.017] IdHTTPServerDisconnect: AContext=00678CCC
17:47:31.068 [ 0.000] IdHTTPServerException: AContext=0338E280; Exception: Error accepting connection with SSL.<CR><LF>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
17:47:31.140 [ 0.072] IdHTTPServerContextCreated: AContext=00678CCC
17:47:31.176 [ 0.036] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:31.229 [ 0.053] IdHTTPServerContextCreated: AContext=00678CCC
17:47:31.262 [ 0.033] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:31.287 [ 0.025] IdHTTPServerDisconnect: AContext=00678CCC
17:47:31.287 [ 0.000] IdHTTPServerException: AContext=0338E460; Exception: Error accepting connection with SSL.<CR><LF>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
17:47:31.480 [ 0.193] IdHTTPServerContextCreated: AContext=00678CCC
17:47:31.512 [ 0.032] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:48:01.230 [29.718] IdHTTPServerDisconnect: AContext=00678CCC
17:48:01.230 [ 0.000] IdHTTPServerException: AContext=0338E2D0; Exception: Socket Error # 10060<CR><LF>Connection timed out.
17:48:01.525 [ 0.295] IdHTTPServerDisconnect: AContext=00678CCC
17:48:01.525 [ 0.000] IdHTTPServerException: AContext=0338E4B0; Exception: Socket Error # 10060<CR><LF>Connection timed out.

Is there something obvious that I am missing?

Thanks

...
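The `no shared cipher` error in the log can be reproduced outside Indy. This is an added example, not part of the original post or of Indy: it uses Python's `ssl` module (also backed by OpenSSL) with the cipher list from the posted settings and a server context that, like those settings, has no certificate or key loaded. The function name and the TLS 1.2 cap are assumptions of the example.

```python
import ssl

# Cipher list copied from the posted SSLOptions.CipherList.
PAGE_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-SHA:"
    "AES256-SHA:DES-CBC3-SHA"
)

def handshake_without_certificate(ciphers=PAGE_CIPHERS):
    """Run a TLS handshake in memory against a server with no certificate.

    Returns (OpenSSL error reason, bytes the server wrote before failing).
    """
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # assumption: match the 2018 setup
    srv_ctx.set_ciphers(ciphers)
    # Deliberately no srv_ctx.load_cert_chain(...): every suite in the list
    # authenticates the server with an RSA certificate, so without one the
    # server has nothing it is able to select.

    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli_ctx.check_hostname = False       # test client only; trust is not the point here
    cli_ctx.verify_mode = ssl.CERT_NONE
    cli_ctx.maximum_version = ssl.TLSVersion.TLSv1_2

    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = cli_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = srv_ctx.wrap_bio(s_in, s_out, server_side=True)

    try:
        client.do_handshake()            # emits the ClientHello into c_out
    except ssl.SSLWantReadError:
        pass
    s_in.write(c_out.read())             # deliver the ClientHello to the server

    try:
        server.do_handshake()
    except ssl.SSLWantReadError:
        return None, s_out.read()        # handshake would have continued
    except ssl.SSLError as exc:
        return exc.reason, s_out.read()  # reason plus the alert record sent
    return None, s_out.read()

if __name__ == "__main__":
    reason, alert = handshake_without_certificate()
    print(reason, alert.hex())
```

The returned alert record carries level 2 (fatal) and description 40 (handshake_failure), which corresponds to the `fatal Write Alert; AMsg=handshake failure` line in the log.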