lots of TidHTTP errors occurring

[cnielsen4211]

Hi, I'm new here but came here out of frustration trying to find help with the TIdHTTP errors I'm getting.

I have the latest Delphi 11 and INDY version is 10.6.2.0.

I have been using the TIdHTTP component to communicate with the Betfair.com API and my programs continually poll the website to get the information I want. These programs have been working both locally and on VPS for years.

All of sudden I'm now getting these error messages randomly and fairly frequently:

1) Time out errors

2) Error connecting with SSL
    error:1404F10B: SSL Routines SSL3_GET_RECORD : wrong version number

3) Error connecting with SSL
    error: 14077410:SSLroutines SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure

My programs using the TIdHTTP component have been working fine for years and all of a sudden these frequent error are occurring, causing a program crash.

My code:

Code:

try
  httpClient.Request.AcceptEncoding  := 'gzip, deflate';
  httpClient.Request.ContentType    := 'application/json;';
  httpClient.Request.Charset        := 'utf-8';
  httpClient.Request.ContentLength  := sizeof(Params);
  httpClient.Request.Connection    := 'Keep-Alive';
  httpClient.Request.Accept        := 'application/json';
  httpClient.ReadTimeout            := 120000;
  httpClient.ConnectTimeout        := 120000;
  // httpClient.HandleRedirects        := true;  { added friday 20230623  didn't solve problem}
  httpClient.Request.CustomHeaders.Add('X-Authentication:' + SessionToken);
  httpClient.Request.CustomHeaders.Add('X-Application:' + 'lgQDTaP9sJgCDTs8');
  sslIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
  sslIOHandler.PassThrough := false;  { added friday 20230623}  //https://quality.embarcadero.com/browse/RSP-29900  hasn't solved problem
  sslIOHandler.SSLOptions.Method :=  sslvSSLv3;
  sslIOHandler.SSLOptions.sslversions := [sslVTLSv1, sslVTLSv1_1,sslVTLSv1_2,sslvSSLv3];
  // sslIOHandler.SSLOptions.Method := sslvSSLv3;  // tried lots of versions of SSL none solved the problem
  // sslIOHandler.SSLOptions.SSLVersions := [sslvSSLv3];
  httpClient.IOHandler := sslIOHandler;
  httpClient.Request.ContentLength := sizeof(Params);
  httpClient.Post(self.URL, Params, HTTPstr);
except

I'm getting desperate for a solution, any help would be appreciated.

[rlebeau]

These programs have been working both locally and on VPS for years.

All of sudden I'm now getting these error messages randomly and fairly frequently

Has anything changed recently in your code? Did you change the OpenSSL DLLs recently (which version are you actually using)?

If not, then something must have changed on the server side instead.  Did you try contacting the server admins to ask?

Code:

httpClient.Request.AcceptEncoding  := 'gzip, deflate';

You SHOULD NOT be setting that property manually, unless your code is prepared to handle those formats manually.  Which, the code you have shown is not.

Instead, you should be assigning an object to the TIdHTTP.Compressor property, such as TIdCompressorZLib, and let TIdHTTP internally manage the AcceptEncoding property based on the Compressor's actual capabilities.

Code:

httpClient.Request.ContentType    := 'application/json;';
httpClient.Request.Charset        := 'utf-8';
httpClient.Request.ContentLength  := sizeof(Params);

The use of sizeof() is wrong.  If you are sending JSON, the Params must use a TStream object, such as a TStringStream, in order to hold/send the JSON data properly.  In which case, you must set the ContentLength to the value of the stream's Size property instead.  Or, you can simply omit the ContentLength and let TIdHTTP set it for you.

Code:

  sslIOHandler.PassThrough := false;  { added friday 20230623}  //https://quality.embarcadero.com/browse/RSP-29900  hasn't solved problem

That RSP refers to using SSL/TLS with a plain TIdTCPClient. That issue does not affect TIdHTTP, as it internally manages the SSLIOHandler.PassThrough property based on the type of URL being requested.

Code:

sslIOHandler.SSLOptions.Method :=  sslvSSLv3;
sslIOHandler.SSLOptions.sslversions := [sslVTLSv1, sslVTLSv1_1,sslVTLSv1_2,sslvSSLv3];
// sslIOHandler.SSLOptions.Method := sslvSSLv3;  // tried lots of versions of SSL none solved the problem
// sslIOHandler.SSLOptions.SSLVersions := [sslvSSLv3];

First, you should not be using the SSLOptions.Method property at all, it was deprecated a LONG time ago in favor of the SSLOptions.SSLVersions property.

Second, WHY are you enabling SSL v3.0??? Nobody uses that anymore, as it was compromised almost a decade ago.  DO NOT enable anything below TLS 1.0 nowadays:

Code:

sslIOHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];

[cnielsen4211]

Thank you rlebeau,

As you can possible detect I know virtually nothing about how to apply the TIdHTTP components, so when I originally wrote the code I searched the web and through trial and error found a combination that worked so I stuck with it and it has worked for years.

Thank you so much for your reply I will go though each of your comments and adjust my code testing each change as I do because the Betfair API Server is a cantankerous animal and any mismatch causes errors.

[cnielsen4211]

Thank you rlebeau,

Before you were able to respond to my post I continued trial and error testing as I could not find much help with these components, what I had originally (and worked for years) was that the idHTTP communications was in a threading method, I took it out of the thread and set in my main program (which slows things down) but I had a 24hr run without errors, so progress, Yay.

Following your comments I have implemented all of the changes you've shown and now my program has been running for about 20mins so next I will run it for 24hrs and see if it holds up.

Of course it should, but why these errors occurred randomly, I have no idea.

Thanks for your help