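This is my first attempt at using SSL with the Indy 10 TIdHTTPServer (together with the TIdServerIOHandlerSSLOpenSSL IOHandler), and I have run into trouble.
I have built a small test application that successfully serves a small test page to the Google Chrome browser over HTTP, but when I try to fetch the same page over HTTPS, Chrome reports that the client and server don't support a common SSL protocol version or cipher suite.
I have read many posts and tried various combinations of settings to get my test page served over HTTPS, but to no avail. In some of the posts where people eventually succeeded, adding a certificate was the trick. However, other posts say that a certificate is not strictly necessary, so I am confused about this.
Here are my current settings: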
object IdHTTPServer: TIdHTTPServer
  OnStatus = IdHTTPServerStatus
  Bindings = <
    item
      IP = '127.0.0.1'
      Port = 80
    end
    item
      IP = '127.0.0.1'
      Port = 443
    end>
  IOHandler = IdServerIOHandlerSSLOpenSSL
  OnBeforeBind = IdHTTPServerBeforeBind
  OnAfterBind = IdHTTPServerAfterBind
  OnBeforeListenerRun = IdHTTPServerBeforeListenerRun
  OnContextCreated = IdHTTPServerContextCreated
  OnConnect = IdHTTPServerConnect
  OnDisconnect = IdHTTPServerDisconnect
  OnException = IdHTTPServerException
  OnListenException = IdHTTPServerListenException
  KeepAlive = True
  OnCommandError = IdHTTPServerCommandError
  OnCommandOther = IdHTTPServerCommandOther
  OnCreateSession = IdHTTPServerCreateSession
  OnInvalidSession = IdHTTPServerInvalidSession
  OnHeadersAvailable = IdHTTPServerHeadersAvailable
  OnHeadersBlocked = IdHTTPServerHeadersBlocked
  OnHeaderExpectations = IdHTTPServerHeaderExpectations
  OnParseAuthentication = IdHTTPServerParseAuthentication
  OnQuerySSLPort = IdHTTPServerQuerySSLPort
  OnSessionStart = IdHTTPServerSessionStart
  OnSessionEnd = IdHTTPServerSessionEnd
  OnCreatePostStream = IdHTTPServerCreatePostStream
  OnDoneWithPostStream = IdHTTPServerDoneWithPostStream
  OnCommandGet = IdHTTPServerCommandGet
  Left = 304
  Top = 97
end
object IdServerIOHandlerSSLOpenSSL: TIdServerIOHandlerSSLOpenSSL
  OnStatus = IdServerIOHandlerSSLOpenSSLStatus
  SSLOptions.Method = sslvSSLv23
  SSLOptions.SSLVersions = [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]
  SSLOptions.Mode = sslmUnassigned
  SSLOptions.VerifyMode = []
  SSLOptions.VerifyDepth = 0
  SSLOptions.CipherList =
    'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RS' +
    'A-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECD' +
    'HE-RSA-AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-' +
    'SHA:DES-CBC3-SHA'
  OnStatusInfo = IdServerIOHandlerSSLOpenSSLStatusInfo
  OnStatusInfoEx = IdServerIOHandlerSSLOpenSSLStatusInfoEx
  OnGetPassword = IdServerIOHandlerSSLOpenSSLGetPassword
  OnGetPasswordEx = IdServerIOHandlerSSLOpenSSLGetPasswordEx
  OnVerifyPeer = IdServerIOHandlerSSLOpenSSLVerifyPeer
  Left = 416
  Top = 105
end
Every event is hooked and logged; the log shows the following:
17:47:23.814 [ 0.371] IdHTTPServerBeforeBind: AHandle=0337C960
17:47:23.817 [ 0.003] IdHTTPServerBeforeBind: AHandle=0337C9A0
17:47:23.819 [ 0.002] IdHTTPServerAfterBind: Sender=03A9CBA0
17:47:23.866 [ 0.047] IdHTTPServerBeforeListenerRun: AThread=033150F0
17:47:23.879 [ 0.013] IdHTTPServerBeforeListenerRun: AThread=03315160
17:47:30.889 [ 7.010] IdHTTPServerContextCreated: AContext=00678CCC
17:47:30.889 [ 0.000] IdHTTPServerContextCreated: AContext=00678CCC
17:47:30.927 [ 0.038] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "before/accept initialization"
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=16; Aret=1
17:47:30.927 [ 0.000] AType=Handshake Start; AMsg=before/accept initialization
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "before/accept initialization"
17:47:30.927 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=8193; Aret=1
17:47:30.927 [ 0.000] AType=Accept Loop; AMsg=before/accept initialization
17:47:30.928 [ 0.001] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "SSLv3 read client hello C"
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=16392; Aret=552
17:47:30.928 [ 0.000] AType=fatal Write Alert; AMsg=handshake failure
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "error"
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=8194; Aret=-1
17:47:30.928 [ 0.000] AType=Accept Error; AMsg=error
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfo: AMsg=SSL status: "error"
17:47:30.928 [ 0.000] IdServerIOHandlerSSLOpenSSLStatusInfoEx: ASender=032D3C40; AsslSocket=03B0D3D0; AWhere=8194; Aret=-1
17:47:30.928 [ 0.000] AType=Accept Error; AMsg=error
17:47:30.999 [ 0.071] IdHTTPServerDisconnect: AContext=00678CCC
17:47:30.999 [ 0.000] IdHTTPServerException: AContext=0338E410; Exception: Error accepting connection with SSL.<CR><LF>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
17:47:31.051 [ 0.052] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:31.068 [ 0.017] IdHTTPServerDisconnect: AContext=00678CCC
17:47:31.068 [ 0.000] IdHTTPServerException: AContext=0338E280; Exception: Error accepting connection with SSL.<CR><LF>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
17:47:31.140 [ 0.072] IdHTTPServerContextCreated: AContext=00678CCC
17:47:31.176 [ 0.036] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:31.229 [ 0.053] IdHTTPServerContextCreated: AContext=00678CCC
17:47:31.262 [ 0.033] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:47:31.287 [ 0.025] IdHTTPServerDisconnect: AContext=00678CCC
17:47:31.287 [ 0.000] IdHTTPServerException: AContext=0338E460; Exception: Error accepting connection with SSL.<CR><LF>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
17:47:31.480 [ 0.193] IdHTTPServerContextCreated: AContext=00678CCC
17:47:31.512 [ 0.032] IdHTTPServerQuerySSLPort: APort=443; VUseSSL=1
17:48:01.230 [29.718] IdHTTPServerDisconnect: AContext=00678CCC
17:48:01.230 [ 0.000] IdHTTPServerException: AContext=0338E2D0; Exception: Socket Error # 10060<CR><LF>Connection timed out.
17:48:01.525 [ 0.295] IdHTTPServerDisconnect: AContext=00678CCC
17:48:01.525 [ 0.000] IdHTTPServerException: AContext=0338E4B0; Exception: Socket Error # 10060<CR><LF>Connection timed out.
Am I missing something obvious?
Thanks
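
Added example (not part of the original post): Indy's TIdServerIOHandlerSSLOpenSSL and Python's `ssl` module both sit on OpenSSL, so this sketch reproduces the logged "no shared cipher" condition by giving a server the post's CipherList but no certificate or key. Every suite in that list authenticates the server with an RSA certificate, so none is usable without one; the function names are illustrative, and the TLS 1.2 cap is an assumption matching the post's SSLVersions.

```python
import ssl

# CipherList copied from the SSLOptions.CipherList value in the post above.
PAGE_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:"
    "DES-CBC3-SHA"
)

def server_context(cipher_list):
    """Server-side context with the given suites and NO certificate or key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # assumption: post tops out at TLS 1.2
    ctx.set_ciphers(cipher_list)
    return ctx

def auth_methods(cipher_list):
    """Authentication methods required by the enabled TLS <= 1.2 suites."""
    ciphers = server_context(cipher_list).get_ciphers()
    return {c["auth"] for c in ciphers if c["protocol"] != "TLSv1.3"}

def handshake_without_cert(cipher_list):
    """Feed a real ClientHello to the cert-less server; return OpenSSL's reason."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="localhost")
    server = server_context(cipher_list).wrap_bio(s_in, s_out, server_side=True)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello is now waiting in c_out
    s_in.write(c_out.read())
    try:
        server.do_handshake()
    except ssl.SSLWantReadError:
        return None  # server accepted the hello and wants more data
    except ssl.SSLError as exc:
        return exc.reason  # OpenSSL's mnemonic for the failure
    return None

if __name__ == "__main__":
    print(auth_methods(PAGE_CIPHERS))
    print(handshake_without_cert(PAGE_CIPHERS))
```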