EIdOSSLConnectError, EOF was observed that violates the protocol

Hi,

I have run into some kind of strange behavior or perhaps a bug. 

When I use TIdHTTP to connect to a TIdHTTPServer I get an exception,
"EIdOSSLConnectError, Error connecting with SSL. EOF was observed that violates the protocol."

If I try to connect again, without closing down the application, it works fine. But every time I restart the client and the first time I try to connect I get this exception. 
I have been using the latest OpenSSL DLLs, 1.0.1e.

So I tried with earlier versions of the DLLs and the problem does not exist if I go as far back as 0.9.8m.
But if I debug the client and set a break point, and quickly just continue after the break, I get the same exception even with 0.9.8m. 

If I use a browser to connect I can see any problem with the certificate.
What could be causing the exception? Any ideas about where to start looking?

I'm using Indy version 10.5.7. 

The Status and StatusInfo event gives me the following

First attempt:

+Resolving hostname mydomain.com.+
+Connecting to 123.123.123.123.+
+SSL status: "before/connect initialization"+
+SSL status: "before/connect initialization"+
+SSL status: "SSLv3 write client hello A"+
+SSL status: "SSLv3 read server hello A"+

and then I get the exception

If I try to connect again I get

+Resolving hostname mydomain.com.+
+Connecting to 123.123.123.123.+
+SSL status: "before/connect initialization"+
+SSL status: "before/connect initialization"+
+SSL status: "SSLv3 write client hello A"+
+SSL status: "SSLv3 read server hello A"+
+SSL status: "SSLv3 read server certificate A"+
+SSL status: "SSLv3 read server done A"+
+SSL status: "SSLv3 write client key exchange A"+
+SSL status: "SSLv3 write change cipher spec A"+
+SSL status: "SSLv3 write finished A"+
+SSL status: "SSLv3 flush data"+
+SSL status: "SSLv3 read server session ticket A"+
+SSL status: "SSLv3 read finished A"+
+SSL status: "SSL negotiation finished successfully"+
+SSL status: "SSL negotiation finished successfully"+
+Cipher: name = AES256-SHA; description = AES256-SHA SSLv3 Kx=RSA Au=RSA  Enc=AES(256)  Mac=SHA1; bits = 256; version = TLSv1/SSLv3;+
+SSL status: "SSL negotiation finished successfully"+
+SSL status: "SSL negotiation finished successfully"+
+Disconnected.+

Kind regards,
Fredrik Sandedal
0
Fredrik
3/14/2013 4:58:20 PM
embarcadero.delphi.winsock


Fredrik wrote:

> When I use TIdHTTP to connect to a TIdHTTPServer I get an exception,
> "EIdOSSLConnectError, Error connecting with SSL. EOF was observed that
> violates the protocol."

That usually means that you have assigned a value to the IOHandler's SSLOptions.Method 
property that does not match the SSL/TLS version that the other party is 
using, so the SSL handshake gets parsed incorrectly.  What does not make 
sense is how reconnecting is solving the problem, because it should not. 
 When the error occurs, Indy has to disconnect the socket, and reconnecting 
to the same port without changing the SSLOptions should result in the same 
kind of handshake data being exchanged.

> So I tried with earlier versions of the DLLs and the problem does
> not exist if I go as far back as 0.9.8m.

That would indicate a possible OpenSSL bug, not an Indy bug.  Another possibility 
is that maybe something on your network is simply messing around with the 
socket data behind OpenSSL's back, so to speak, corrupting the SSL/TLS handshakes.

> What could be causing the exception?

Without seeing the raw socket data from a packet sniffer, like Wireshark, 
there is no way to know for sure.

> +SSL status: "SSLv3 read server hello A"+
> and then I get the exception

What do you have the SSLOptions.Method property set to?  If SSLv3 or TLSv1, 
try SSLv23 instead.

--
Remy Lebeau (TeamB)
0
Remy
3/14/2013 7:02:29 PM
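
Added example, not part of the thread and not Indy or OpenSSL code: a small Python parser for TLS record headers that can be run over each direction of a captured handshake to check the version-mismatch explanation given in the reply above. The sample bytes are constructed, and the function names are hypothetical.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate", 14: "server_hello_done"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def version_name(major, minor):
    return VERSIONS.get((major, minor), "unknown %d.%d" % (major, minor))

def parse_records(stream):
    """Return one dict per TLS record in one direction of a TCP stream."""
    records, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT:  # not a TLS record header (e.g. plaintext or SSLv2 framing)
            records.append({"type": "not_tls", "offset": pos})
            break
        body = stream[pos + 5:pos + 5 + length]
        rec = {"type": CONTENT[ctype], "record_version": version_name(major, minor),
               "truncated": len(body) < length}
        if ctype == 22 and len(body) >= 6:
            rec["handshake"] = HANDSHAKE.get(body[0], "type %d" % body[0])
            if body[0] in (1, 2):  # hello messages carry the offered/chosen version
                rec["hello_version"] = version_name(body[4], body[5])
        elif ctype == 21 and len(body) >= 2:
            rec["alert"] = (body[0], body[1])  # (level, description)
        records.append(rec)
        pos += 5 + length
    return records

def diagnose(client_bytes, server_bytes):
    """Summarise what the capture shows about the handshake attempt."""
    sent, got = parse_records(client_bytes), parse_records(server_bytes)
    offered = next((r["hello_version"] for r in sent if "hello_version" in r),
                   "no TLS ClientHello")
    if not got:
        return "client offered %s; server closed without sending any TLS record" % offered
    first = got[0]
    if first["type"] == "alert":
        return "client offered %s; server answered with alert %r" % (offered, first["alert"])
    if first.get("handshake") == "server_hello":
        return "client offered %s; server chose %s" % (offered, first["hello_version"])
    return "client offered %s; server sent %s" % (offered, first["type"])

# Constructed sample bytes (not taken from the capture mentioned in the thread):
# a minimal TLSv1.0 ClientHello offering AES256-SHA, and a fatal handshake_failure alert.
_body = bytes([3, 1]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x35" + b"\x01\x00"
SAMPLE_CLIENT_HELLO = (b"\x16\x03\x01" + struct.pack("!H", len(_body) + 4)
                       + b"\x01" + struct.pack("!I", len(_body))[1:] + _body)
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"
```
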
> Remy Lebeau (TeamB) wrote:
> 
>> When I use TIdHTTP to connect to a TIdHTTPServer I get an exception,
>> "EIdOSSLConnectError, Error connecting with SSL. EOF was observed that
>> violates the protocol."
> That usually means that you have assigned a value to the IOHandler's SSLOptions.Method 
> property that does not match the SSL/TLS version that the other party is 
> using, so the SSL handshake gets parsed incorrectly. What does not make 
> sense is how reconnecting is solving the problem, because it should not. 
> When the error occurs, Indy has to disconnect the socket, and reconnecting 
> to the same port without changing the SSLOptions should result in the same 
> kind of handshake data being exchanged.

> > So I tried with earlier versions of the DLLs and the problem does
> > not exist if I go as far back as 0.9.8m.
> 
> That would indicate a possible OpenSSL bug, not an Indy bug.  Another possibility 
> is that maybe something on your network is simply messing around with the 
> socket data behind OpenSSL's back, so to speak, corrupting the SSL/TLS handshakes.
> 

Yes, it is very strange behavior. Could it be some kind of timer issue? I get the exception all the time if I set a break point somewhere in the handshaking process, e.g. in OnVerifyPeer or in TIdSSLSocket.Connect?
It doesn't matter what versions of the DLLs I use. I have been focusing on the client side. Is it more likely to be a fault on the server side?

> > What could be causing the exception?
> 
> Without seeing the raw socket data from a packet sniffer, like Wireshark, 
> there is no way to know for sure.
> 

I have a capture from WireShark but I can't find a way to attach it in the forum!!

> > +SSL status: "SSLv3 read server hello A"+
> > and then I get the exception
> 
> What do you have the SSLOptions.Method property set to?  If SSLv3 or TLSv1, 
> try SSLv23 instead.
> 

I have tried all variations, both server and client, with the same result.

Kind regards,
0
Fredrik
3/15/2013 8:59:25 AM
Remy,

I wasn't able to upload an attachment here. I made a new post in the atozedsoftware.indy.encryption.ssl newsgroup with the WireShark capture attached.

Kind regards,

Fredrik
0
Fredrik
3/15/2013 9:12:21 AM
Fredrik wrote:

> I have a capture from WireShark but I can't find a way to attach
> it in the forum!!

Post it in the Attachments forum.

--
Remy Lebeau (TeamB)
0
Remy
3/15/2013 7:33:34 PM
> Remy Lebeau (TeamB) wrote:
> Fredrik wrote:
> 
> > I have a capture from WireShark but I can't find a way to attach
> > it in the forum!!
> 
> Post it in the Attachments forum.
> 
> --
> Remy Lebeau (TeamB)

OK, I wasn't aware of the Attachments forum. 
Uploaded the attachment to https://forums.embarcadero.com/thread.jspa?threadID=84657&tstart=0

Kind regards,
0
Fredrik
3/16/2013 10:33:31 AM