Discussion:
Errror accepting connection with SSL.
(too old to reply)
Arvid
2008-02-20 21:22:57 UTC
Permalink
We get this error sometimes - most connections seem to succeed.

The error is:
Error accepting connection with SSL.
Error:00000005:lib(0):fuc(0):DH lib

I set passthrough to false in the OnConnect.

Any idea why this happens? I am using Indy as of 19. Feb. 2008.
Remy Lebeau (TeamB)
2008-02-20 21:59:08 UTC
Permalink
Post by Arvid
Any idea why this happens?
OpenSSL's SSL_accept() function is failing. The client's SSL credentials
are probably malformed or missing.


Gambit
Arvid Haugen
2008-02-21 06:46:08 UTC
Permalink
Hi,

the connects are from mostly Internet Explorer.

This did not happen with the Indy that comes with Delphi - my version: 10.

Could the problem be related to incorrect DLLs?

Another thing.

I have "Keep-Alive" set to true in the TidHTTPServer, I receive "Keep-Alive"
in ARequestInfo.Connection. But the webserver responds with
"closeconnection" (AResponseInfo.CloseConnection is true). I have tried both
with and without SSL.

Any idea why this happens and what I should do about it? Do I have to set
CloseConnection to false myself?

With the previous version I did not see this. Should this work in that way?
Post by Remy Lebeau (TeamB)
Post by Arvid
Any idea why this happens?
OpenSSL's SSL_accept() function is failing. The client's SSL credentials
are probably malformed or missing.
Gambit
Arvid Haugen
2008-02-21 07:55:11 UTC
Permalink
Hi,

it seems to be a javascript that causes this fault. We will look further
into it - the same script works fine with the "old" indy.

Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown
Source)
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
Post by Remy Lebeau (TeamB)
Post by Arvid
Any idea why this happens?
OpenSSL's SSL_accept() function is failing. The client's SSL credentials
are probably malformed or missing.
Gambit
Arvid Haugen
2008-02-21 08:53:25 UTC
Permalink
The Javascript used SSL2.0 and we had sslvSSLv23 in
idServerIOHandlerSSLOpenSSL.SSLOptions.Method.

The problem was that we had set SSL3.0 in
Post by Remy Lebeau (TeamB)
Post by Arvid
Any idea why this happens?
OpenSSL's SSL_accept() function is failing. The client's SSL credentials
are probably malformed or missing.
Gambit
Loading...