我使用的是Delphi 2010,最新的Indy 10.6.2(5498)和OpenSSL 1.0.2r(来自indy.fulgan.com),我无法强制其使用TLS 1.2。当我打开稍后提到的页面时,它将返回EIdOSSLUnderlyingCryptoError:
使用SSL连接时出错。错误:1408F10B:SSL 例程:SSL3_GET_RECORD:版本号错误
这是我用来打开网页的代码
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.shortcuts import render
from django.template import loader
from django.db import models
from django.contrib.staticfiles.templatetags.staticfiles import static
import pandas as pd
import os
from os import walk
#C:\PythonProjects\DjangoApp\djangonautic
#C:/PythonProjects/DjangoApp/djangonautic
#Get dirs in imagefolder, files in dirs and create dictionairy for render
def smaakjes_list(request):
Temp_Directory_Path = []
#TempDic -> can later be replaced in the loop below, so that key values will be added as dir names
path_to_option_images = '/Users/kolinmac/AnacondaProjects/DjangoApp/djangonautic/smaakjes/static/options/'
#'/Users/kolinmac/AnacondaProjects/DjangoApp/djangonautic/smaakjes/static/options/'
super_dict = {}
#for each folder in options -> get all directory names
for (dirpath, dirnames, filenames) in walk(path_to_option_images):
Temp_Directory_Path.extend(dirnames)
print(Temp_Directory_Path)
break
#for each directory in the list with directories
for dir_name in Temp_Directory_Path:
#create path for file names - to iterate with walk()
Temp_Path = path_to_option_images + dir_name
#create title and dict - for later use
Dict1 = {dir_name : []}
super_dict_temp = {}
TempList = []
#for each image in path + dir_name
for (dirpath, dirnames, filenames) in walk(Temp_Path):
TempList.extend(filenames)
break
for values in TempList:
#currently only .png allowed
if values[-4:] == ".png":
value = "/static/options/" + dir_name + "/" + values
Dict1[dir_name].append(value)
super_dict_temp = Dict1.copy()
super_dict.update(super_dict_temp)
#print(super_dict)
return render(request, 'smaakjes/smaakjes.html', {'Drank': super_dict})
当我打开https:// www.google.com时,它正确使用了TLS 1.2,以下是Wireshark的详细信息
var
IdHTTP: TIdHTTP;
begin
IdHTTP:=TIdHTTP.Create;
try
IdHTTP.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(IdHTTP);
TIdSSLIOHandlerSocketOpenSSL(IdHTTP.IOHandler).SSLOptions.Method := sslvTLSv1_2;
TIdSSLIOHandlerSocketOpenSSL(IdHTTP.IOHandler).SSLOptions.SSLVersions := [sslvTLSv1_2];
IdHTTP.Get('https://...');
finally
IdHTTP.Free;
end;
end;
但是,当我打开此页面https:// www.downloadtb.com时,Indy使用TLS 1.0。该站点仅使用TLS 1.2,并且使用以下密码:ECDHE-RSA-AES256-GCM-SHA384。
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 512
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 508
Version: TLS 1.2 (0x0303)
似乎混合使用TLS 1.0和1.2。这是某种后备吗?我该如何解决?
编辑:网站上发生了一些变化,Indy现在可以正确使用TLS 1.2
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 329
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 325
Version: TLS 1.2 (0x0303)