How to upgrade to tls 1.2 ?

We have a very old application, written in Delphi 7, using Intraweb 8.0.2, indy 10 and openssl

We don't plan to extend or improve our application, 
but our customer asked us to upgrade this application
to support the last release of the tls protocol (tls 1.2)

It's several  days i'm fiddling with all this components, and I've come to the following conclusions :

Indy10 seems to works with the latest release of openssl, 
I've managed to make an elementary  server application using just delphi, indy10 and openssl, 
using the openssl binaries taken from :

http://indy.fulgan.com/SSL/openssl-1.0.2c-i386-win32

and I managed to test it using the openssl command line program.
This test app correctly refuses all kinds of connection protocols except TLS1.2, that is our customer requirement.


The trouble starts when I try to use Intraweb with Indy and openssl.
I made a bare standalone intraweb application, just to test the ssl connection.

As soon as I try to start the application I get the following error message:

exception EidOSSLCouldNotLoadSSLLibray in module Standalone.exe at 000EE8E1. Could not load SSL Libray

Obviously , the 2 dll, libeay.dll and ssleay.dll are both present in the app directory, with the 3 certificates, and the certificate password
is correctly set in the on constructor, as follows :

{code}
constructor TIWServerController.Create (aOwner:tComponent);
begin
  try
    Inherited Create (aOwner);
    SSLOptions.Port := 443;
    SSLOptions.CertificatePassword := 'XXXXXXXXXX';
    SSLOptions.nonSslrequest := nsBlock;
  except
    on e : exception do begin
      mylog(e.message + ' ' + WhichFailedToLoad());
    end;
  end;
end;
{code}


I've read the following thread :
http://atozed.com/IntraWeb/Download/Old%20SSL%20Notes.EN.aspx

where it speaks about interface changes that renders unusable the current (and future ?) versions of openssl

Now I don't understand where is the trouble :

Is in the interface between Intraweb and Indy ? (because indy and openssl correctly work)

We have a regular registered version on  Intraweb 8.0, licence number 2147441439
Expiration Date: mar 09, 2008,
but we have only a subset of the intraweb sources, 
Expecially we miss the sources of the Servercontroller unit, where, I suppose, the web server is initialized.

Is it there some undocumented procedure we can override ?
Can we do something about it ?

Please help !!

Best regards.
Maurizio Ferreira
1
Maurizio
6/17/2015 10:42:05 AM
embarcadero.delphi.intraweb 3901 articles. 1 followers. Follow

10 Replies
4209 Views

Similar Articles

[PageSpeed] 19

Maurizio wrote:

> As soon as I try to start the application I get the following error
> message:
> 
> exception EidOSSLCouldNotLoadSSLLibray in module Standalone.exe at
> 000EE8E1. Could not load SSL Libray

And what does WhichFailedToLoad() actually report?  'Could not load SSL Library' 
is an Indy error message, but it is not one that WhichFailedToLoad() would 
return.

> I've read the following thread :
> http://atozed.com/IntraWeb/Download/Old%20SSL%20Notes.EN.aspx
> where it speaks about interface changes that renders unusable the
> current (and future ?) versions of openssl

"OpenSSL changed the interface after 0.9.8e and makes later versions unusable 
without recompiling and changing code." - I have never heard of that, and 
Indy works just fine with later versions of OpenSSL.

"IntraWeb uses a version of Indy that requires specifically the OpenSSL 0.9.8e 
API." - Indy has no such requirement, and works just fine with 1.x versions 
of OpenSSL.  If IntraWeb has a dependancy on 0.9.8e, then that has to be 
something AToZed introduced in their own code.

> Is in the interface between Intraweb and Indy ? (because indy and
> openssl correctly work)

Maybe.  Indy does go through periodic interface changes.  And IntraWeb (and 
Embarcadero) uses its own private copy of Indy to maintain stability when 
Indy does change.

-- 
Remy Lebeau (TeamB)
0
Remy
6/17/2015 5:26:15 PM
The FailedToLoad function returns an empty string.
I've traced it encapsulating the entire program in a try / except statement, since the exception occurs after controller creation.

Now I don't understand clearly the relations between Delphi, Intraweb, Indy and other components.

This is the full story of this project:

We initially installed Delphi 7 whith the bundled Intraweb version.
Short after, we bought and installed a  regular Intraweb licence.

Some time after that, we needed to install Indy10 to handle communications with external servers, from our Intraweb application.
After that we needed to install a third part component, Eldos SecureBlackbox SFTP to handle  SFTP file transfer.
Now our customer ask us to implement TLS 1.2 in the web server.

So the questions are :

Does Intraweb use our latest Indy10 instance or it uses a private copy of Indy ?
Why this "could not load ssl libraries" error ?
Wich version of Intraweb is needed to work in https tls 1.2 ?
Does it works on Delphi 7 or do we need to upgrade to a later version ?
Which version of openssl libraries are needed to work with such a version of Intraweb, and where to get them ?

I know theese are a lot of questions, but we really need help.
Thanks.
Maurizio.







 to load 

> {quote:title=Remy Lebeau (TeamB) wrote:}{quote}
> Maurizio wrote:
> 
> > As soon as I try to start the application I get the following error
> > message:
> > 
> > exception EidOSSLCouldNotLoadSSLLibray in module Standalone.exe at
> > 000EE8E1. Could not load SSL Libray
> 
> And what does WhichFailedToLoad() actually report?  'Could not load SSL Library' 
> is an Indy error message, but it is not one that WhichFailedToLoad() would 
> return.
> 
> > I've read the following thread :
> > http://atozed.com/IntraWeb/Download/Old%20SSL%20Notes.EN.aspx
> > where it speaks about interface changes that renders unusable the
> > current (and future ?) versions of openssl
> 
> "OpenSSL changed the interface after 0.9.8e and makes later versions unusable 
> without recompiling and changing code." - I have never heard of that, and 
> Indy works just fine with later versions of OpenSSL.
> 
> "IntraWeb uses a version of Indy that requires specifically the OpenSSL 0.9.8e 
> API." - Indy has no such requirement, and works just fine with 1.x versions 
> of OpenSSL.  If IntraWeb has a dependancy on 0.9.8e, then that has to be 
> something AToZed introduced in their own code.
> 
> > Is in the interface between Intraweb and Indy ? (because indy and
> > openssl correctly work)
> 
> Maybe.  Indy does go through periodic interface changes.  And IntraWeb (and 
> Embarcadero) uses its own private copy of Indy to maintain stability when 
> Indy does change.
> 
> -- 
> Remy Lebeau (TeamB)
0
Maurizio
6/19/2015 8:10:54 AM
On 6/19/2015 4:10 AM, Maurizio Ferreira wrote:
> Does Intraweb use our latest Indy10 instance or it uses a private
> copy of Indy ? Why this "could not load ssl libraries" error ? Wich

IW uses a private aliased copy of Indy with Id instead of In to avoid 
breaking code if the user uses a different version of Indy.

> version of Intraweb is needed to work in https tls 1.2 ? Does it
> works on Delphi 7 or do we need to upgrade to a later version ? Which

Alexandre would have to answer, but D7 has not been supported for 
several years by IW and likely you will need to update to D2009 or later 
and a later IW.

Another option would be to deploy as ISAPI and use SSL in IIS.

-- 
"Programming is an art form that fights back"
0
Chad
6/19/2015 12:14:25 PM
Maurizio wrote:

> After that we needed to install a third part component, Eldos
> SecureBlackbox SFTP to handle  SFTP file transfer.

SFTP (FTP over SSH) or FTPS (FTP over SSL/TLS)?  Indy 10 supports the latter.

> Does Intraweb use our latest Indy10 instance or it uses a private copy
> of Indy ?

Its own private copy.

> Why this "could not load ssl libraries" error ?

Without exact information from WhichFailedToLoad(), I can only guess.  That 
is why I asked you to call WhichFailedToLoad() (and make sure you are calling 
the one in IntraWeb's version of Indy, not the one in your copy of Indy).

Since you are using an old version of IntraWeb, my guess would be that it 
might be relying on Indy 8/9 instead of Indy 10, and that it might be relying 
on a version of Indy that depended on customized OpenSSL DLLs rather than 
the official DLLs.  Those DLLs are available at http://indy.fulgan.com/SSL/Archive/, 
but they predate TLS v1.2, IIRC.

> Wich version of Intraweb is needed to work in https tls 1.2 ?
>
> Does it works on Delphi 7 or do we need to upgrade to a later version
> ?

I have no clue.  I don't use IntraWeb.  Ask AtoZed.

-- 
Remy Lebeau (TeamB)
0
Remy
6/21/2015 3:20:02 AM
Maurizio wrote:

> After that we needed to install a third part component, Eldos
> SecureBlackbox SFTP to handle  SFTP file transfer.

SFTP (FTP over SSH) or FTPS (FTP over SSL/TLS)?  Indy 10 supports the latter.

> Does Intraweb use our latest Indy10 instance or it uses a private copy
> of Indy ?

Its own private copy.

> Why this "could not load ssl libraries" error ?

Without exact information from WhichFailedToLoad(), I can only guess.  That 
is why I asked you to call WhichFailedToLoad() (and make sure you are calling 
the one in IntraWeb's version of Indy, not the one in your copy of Indy).

Since you are using an old version of IntraWeb, my guess would be that it 
might be relying on Indy 8/9 instead of Indy 10, and that it might be relying 
on a version of Indy that depended on customized OpenSSL DLLs rather than 
the official DLLs.  Those DLLs are available at http://indy.fulgan.com/SSL/Archive/, 
but they predate TLS v1.2, IIRC.

> Wich version of Intraweb is needed to work in https tls 1.2 ?
>
> Does it works on Delphi 7 or do we need to upgrade to a later version
> ?

I have no clue.  I don't use IntraWeb.  Ask AtoZed.

-- 
Remy Lebeau (TeamB)
0
Remy
6/21/2015 5:24:38 AM
Hi!

> Which version of Intraweb is needed to work in https tls 1.2 ?

You will need IntraWeb XIV to use TLS 1.2.

> Which version of openssl libraries are needed to work with such a
> version of Intraweb, and where to get them ?

IntraWeb works with many OpenSSL versions. But you shoud not use older versions if your main concern is security (I guess it is, owtherwise why bother with TLS 1.2...)

> Does it works on Delphi 7 or do we need to upgrade to a later version
> ?

IntraWeb XIV works with Delphi 2009 to XE8

> Does Intraweb use our latest Indy10 instance or it uses a private copy
> of Indy ?

It uses an internal version (aliased) of Indy 10 (based on XE6 distribution)

> Why this "could not load ssl libraries" error ?

This is the old D7 application or a new IW application? 


This document contains links to OpenSSL libraries. You can use older and newer files as well. The recommended version is 1.0.1x (Where x can be any letter) though.

http://atozed.com/IntraWeb/Download/SSL.EN.aspx
0
Alexandre
6/22/2015 8:39:59 AM
Il 22/06/2015 10:39, Alexandre Machado ha scritto:
> Hi!
>
>> Which version of Intraweb is needed to work in https tls 1.2 ?
>
> You will need IntraWeb XIV to use TLS 1.2.
>
>> Which version of openssl libraries are needed to work with such a
>> version of Intraweb, and where to get them ?
>
> IntraWeb works with many OpenSSL versions. But you shoud not use older versions if your main concern is security (I guess it is, owtherwise why bother with TLS 1.2...)
>
>> Does it works on Delphi 7 or do we need to upgrade to a later version
>> ?
>
> IntraWeb XIV works with Delphi 2009 to XE8
>
>> Does Intraweb use our latest Indy10 instance or it uses a private copy
>> of Indy ?
>
> It uses an internal version (aliased) of Indy 10 (based on XE6 distribution)
>
>> Why this "could not load ssl libraries" error ?
>
> This is the old D7 application or a new IW application?
>
>
> This document contains links to OpenSSL libraries. You can use older and newer files as well. The recommended version is 1.0.1x (Where x can be any letter) though.
>
> http://atozed.com/IntraWeb/Download/SSL.EN.aspx
>
So If I upgrade to Delphi XE8, I can use the internal Indy components 
vers 10 in my app and they will handle tls 1.2 ?
0
Maurizio
6/23/2015 12:21:26 PM
On 6/23/2015 8:21 AM, Maurizio Ferreira wrote:
> So If I upgrade to Delphi XE8, I can use the internal Indy components
> vers 10 in my app and they will handle tls 1.2 ?

Yes. But you don't need XE8 - just IW 14 which works from D2009 up.


-- 
"Programming is an art form that fights back"
0
Chad
6/23/2015 2:38:55 PM
On 6/23/2015 8:21 AM, Maurizio Ferreira wrote:
On 6/23/2015 8:21 AM, Maurizio Ferreira wrote:> So If I upgrade to 
Delphi XE8, I can use the internal Indy components
 > vers 10 in my app and they will handle tls 1.2 ?

Yes. But you don't need XE8 - just IW 14 which works from IIRC D2009 up.


-- 
"Programming is an art form that fights back"
0
Chad
6/23/2015 2:39:29 PM
Maurizio wrote:

> After that we needed to install a third part component, Eldos
> SecureBlackbox SFTP to handle  SFTP file transfer.

SFTP (FTP over SSH) or FTPS (FTP over SSL/TLS)?  Indy 10 supports the latter.

> Does Intraweb use our latest Indy10 instance or it uses a private copy
> of Indy ?

Its own private copy.

> Why this "could not load ssl libraries" error ?

Without exact information from WhichFailedToLoad(), I can only guess.  That 
is why I asked you to call WhichFailedToLoad() (and make sure you are calling 
the one in IntraWeb's version of Indy, not the one in your copy of Indy).

Since you are using an old version of IntraWeb, my guess would be that it 
might be relying on Indy 8/9 instead of Indy 10, and that it might be relying 
on a version of Indy that depended on customized OpenSSL DLLs rather than 
the official DLLs.  Those DLLs are available at http://indy.fulgan.com/SSL/Archive/, 
but they predate TLS v1.2, IIRC.

> Wich version of Intraweb is needed to work in https tls 1.2 ?
>
> Does it works on Delphi 7 or do we need to upgrade to a later version
> ?

I have no clue.  I don't use IntraWeb.  Ask AtoZed.

-- 
Remy Lebeau (TeamB)
0
Remy
6/24/2015 6:55:06 AM
Reply:

Similar Artilces:

How to upgrade from 2.1.1 to 2.1.2?
I have 2.1.1 wokring fine and I have spent a lot of time making it just right but I want to make sure I have the latest & greatest so I am trying to get 2.1.2 to work so I can upgrade. When I try to set-up 2.1.2 I get a few errors such as: Could Not Load Skin: ~/Portals/_default/Skins/_default/admin.ascx Error: C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\Temporary ASP.NET Files\dnn212\295dc47c\1861dacc\3z6nxty1.0.vb(159): error BC30560: 'admin_ascx' is ambiguous in the namespace 'ASP'. Is there a simple way to upgrade from 2.1.1 to 2.1.2? RDD Iff you have not made any cha...

Version 2.1.1 to 2.1.2 upgrade
Hi folks, I upgraded from 2.1.1 to 2.1.2 last night. In case anybody wants it, I created a ZIP file containing the changed RUNTIME files - all you need to do is extract and ftp over the top of your 2.1.1 install - assuming you've NOT MODIFIED anything yourself... ;) Get the ZIP file here. Hope someone finds it helpful. joel joelblogs.co.uk...

Never done upgrade before. Have a 2.1.2 site w/many custom (purchased) modules, some of which are no longer supported. Don't see *any* info in 3.1 install docs for 2.1.2 upgrade?
Hey folks: I'm about to try something very scary, and I've spent the last 5 or so hours reading DNN 3.1 docs and doing searches here (sure which the search worked better, like allowed sort by date??).  Anyway, I don't see *any* info on updating a 2.1.2 site to a 3.1 site.  The only examples all have machine key stuff and other stuff that's not an issue (or is it?) w/2.1.2 Here's the situation: 1 I have localhost access to the site via remote desktop 2. I have disconnected backed up data and log files and reconnected 3. I have made a copy of the virtual folder. No...

Having problems loging in after upgrading from 2.1.2 to 3.1.1
Ok i have done the upgrade from 2.1.2 to 3.1.1 the installer did its magic and i got the click here to access your portal/site which means the upgrade went well... but now i get this error on my homepage A critical error has occurred.Multiple controls with the same ID 'ctr' were found. FindControl requires that controls have unique IDs.Can some one help me out and explain what this means???? Has any one seen that before ??? ... The other thing i cannot log into the site either ... when i login it takes me back to the home page and i dont have the control panel or anythin...

Bug DNN 3.1.1 Upgrade from 2.1.2 -> 3.1.0 ->
Somewhere along the process, (I missed when) a portal upgrade created a problem with portal creation. The site is created fine, but the password for the admin is never correct. I have to use host to correct it. Anyone faced this ?Do you know the truth when you hear it? are you using the same hash keys in your web.config? this got me one time-DarrenNeese.com-DNN ROCKS!-DeveloperSchool.com Thanks, this helped me narrow it down and realize it was possibly the upgrade from DNN2 to DNN 3. Since there are no hash keys in DNN2 because it uses an encryption key, how did you solve it?Do you know ...

Upgrade from VirtualBox 2.1.0 to 2.1.2 vboxdrv issue
Hey everybody, I've already posted on the Vbox forums, but I want to post here to diversify. Here's the situation: OpenSuse 11.1 host. Vbox 2.1.0 was installed from binary. Upgraded to 2.1.2 earlier today (tried several times using rpm command-line and Yast). Yast doesn't report errors, but rpm on cli does. Error on install is "Stopping VirtualBox kernel module failed (Cannot unload module vboxdrv)." Dmesg reveals: vboxnetflt: no symbol version for SUPDrvLinuxIDC vboxnetflt: Unknown symbol SUPDrvLinuxIDC VirtualBox boots, but if I attempt to start a VM I...

DNN 2.1.2 to 3.1.2 upgrade, skin probs
OK, we'll I've had a good read around here, and I've read Charles great install doc.  But I'm still stuck.In fact I've had to restore my old db and files - and have got back to 2.1.2.My problem is that upon upgrading, I get a light blue 'skin'? appearance on the all the modules.  The 2.1.2 sites (six of them) do not have that "appearance" - and that's the way I'd like to keep it.  I have tried 'resetting' the skins (in that Admin section they all show as 'not installed' (or whatever it is)).  It doesn't seem to help.  I get several 'container file not found' type mes...

Help!!! After upgrading DNN 2.1.2 to 3.1.1 FTB Error
I keep on getting this error after upgrading a DNN 2.1.2 to DNN 3.1.1 (Windows 2k with SQL Server 2000). The Text/HTML module when in edit comes up with error as follws; Edit Text/HTML    Basic Text Box Rich Text Editor An error has occurred.DotNetNuke.Services.Exceptions.ModuleLoadException: The data at the root level is invalid. Line 1, position 1. ---> System.Xml.XmlException: The data at the root level is invalid. Line 1, position 1. at System.Xml.XmlTextReader.ParseRoot() at System.Xml.XmlTextReader.Read() at Sys...

iManager 1.2.2 to 2.0.2 Upgrade
I've been running GW 6.5 WebAccess on the following system configuration: Netware 6.0 SP4 eDirectory 8.7.3 SP2 IR JVM 1.4.1 SP6 Novell Enterprise Web Server Tomcat 3.3 Apache 1.03 iManager 1.2.2 Yesterday I made the following change: Upgraded iManager to v2.0.2 and Tomcat to v4.0. This change broke GW WebAccess. I'm getting the following error when I try to get into GW WebAccess. It appears to pop up as it tries to bring up the login page. Server Error This server has encountered an internal error which prevents it from fulfilling you...

Auto Upgrade from 2.1.2 w/ Access to 3.1.1 w/ SQL?
Just wondering if the install script and the Auto Upgrade of 3.1 is able to upgrade the Access database of a DNN 2.1.2 local site to a SQL database for 3.1 - and if so, do I need to create a SQL database first?  I would assume so since one must create a SQL database for a clean install.Or are users of DNN 2.1.2 using the Access dataprovider hosed on the upgrade to 3.1?  Thanks for any help. It seems there isn't a way to "upgrade" from an Access 2.1.2 database into the 3.1 SQL database.  That being said....  Anyone know of a way to port the old Access database into some ...

Upgrade 1.0.10 to 2.1.2
I am preparing to upgrade a site from DNN 1.0.10 to 2.1.2 The site is hosted on a remote server using a SQL database and when I originally installed the 1.0.10 version I did a search/replace on all of the database install scripts - removing [dbo]. and dbo. This seemed to be the only way that DNN would install smoothly. When I view the remote database using enterprise manager it seems that the tables and stored procedures are owned by either my user 'pkoanui' or 'dbo' I foresee this being a problem when upgrading to 2.1.2. I have since performed fresh installs of other DNN 2.1.2 sit...

Upgrading from 2.1.2 to 3.1.00
I am upgrading a DNN site from version 2.1.2 to 3.1.00. Now, I did read the "DotNetNuke Installation Guide.doc" ! (Ya Sure, You Betcha!) And, what I get is the error "The stored procedure 'dbo.GetPortalAliasByPortalID' doesn't exist." no matter what I do.In the What went wrong? Section of the 3.1 Docs you find a siminlar error message "Could not find stored procedure 'dbo.GetPortals' " and it talks about issues with the objectqualifier and dnn.config ! I've never used the objectqualifier previously, thus the value is set to a blank string and the dnn.config says...

Upgrading from 1.0.8 to 2.1.2
Hi, Im upgrading a friends site who hosts 3 parent portals. I made a quick backup and gave this a go (ie putting overwriting the old source) however it did not seem to recognise the old information I will give it another go this weekend and just wondered if you guys have any tips or tricks to look out for. Thanks ChrisMcKelt Solutions I've done several upgrades from 1.x versions to 2.1.2, and the main thing I run into are third party modules crashing. The way I've gone about it is to copy the database, change the web.config to point to the database, and drag and drop...

Upgrade 2.1.2 to 3.1 PLAN
Just wanted to throw my plan out there for upgrade.  Allow smarter folks to tell me where I will run into trouble.  I have a 2.1.2 site on a rented server.  I have a 2.1.2 development site using Access on my local machine.  I have recently installed and configured SQL Server 2000 locally and a DNN 3.1 local website which works fine.  I also have custom modules I've written (poorly but they work) and many third party modules on my server side production site.  My plan to upgrade the server site is:1.  Update my custom modules to work with DNN3 (by testing th...

Web resources about - How to upgrade to tls 1.2 ? - embarcadero.delphi.intraweb

Windows Anytime Upgrade - Wikipedia, the free encyclopedia
Windows Anytime Upgrade (WAU) was an upgrade method offered by Microsoft and selected licensed resellers to users who intended to upgrade their ...


President Obama's Facebook Page Upgrades To Timeline
Yes, we can upgrade to timeline. U.S. President Barack Obama's Facebook page has the new layout.

Update on Android Ice Cream Sandwich upgrades
HTC has been working hard to get its Ice Cream Sandwich upgrades ready, and we’re excited to announce that our first round of ICS upgrades will ...

Four Reasons to Upgrade to the New Share Dialog for iOS
... as friend tagging and privacy controls. 2. A faster and more native sharing experience Pinterest and popular iOS game 4 Pics 1 Word upgraded ...

More Streams: Facebook to Upgrade App Directory, App About Pages Soon
Over 50,000 applications have been added to the Facebook application directory since it first launched two years ago, and Facebook says it’s ...

Search Twitter - upgrade
... here Search Refresh Laura Tobin @ Lauratobin1 2m The only way to get through today is chocolate, I'm going to start small with baby & upgrade ...

Brain Upgrade - Improve Concentration and Relieve Stress! on the App Store on iTunes
Get Brain Upgrade - Improve Concentration and Relieve Stress! on the App Store. See screenshots and ratings, and read customer reviews.

upgrade - Flickr - Photo Sharing!
... Flickr. We noticed that you may be using an unsupported browser. All the basics will still work, but to get the most out of Flickr please upgrade ...

ModBook Upgrade by TechRestore - YouTube
http://www.techrestore.com/ - TechRestore Video - Here is the world's first Modbook upgrade video - TechRestore stop-motion style, of course! ...

Resources last updated: 12/4/2015 10:28:28 AM