[Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem

Michael Van Canneyt michael at freepascal.org
Sat Jan 13 09:30:17 CET 2024



On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote:

> I wrote a commit reporting application for Windows Server16 back in 2018 using
> then current Lazarus/Fpc.
> It is a command line program called from a hook in subversion to distribute the
> log message and details of commits among co-workers.
>
> It uses Indy 10.6.2 to do its job.
> The mailer class has these in uses:
>  {Indy units:}
>  IdSMTP,
>  IdMessage,
>  IdEMailAddress,
>  IdIOHandler,
>  IdIOHandlerSocket,
>  IdIOHandlerStack,
>  IdSSL,
>  IdSSLOpenSSL,
>  IdExplicitTLSClientServerBase,
>  IdMessageBuilder,
>
> Back mid-december 2023 the emails stopped arriving but the problem was not
> discovered/reported until I myself recently did a commit and I did not get the
> expected log message email...
>
> Now I have looked in the logfiles the application creates and found this error
> example:
>
> 20240111 17:13:35.343 Connecting to mailserver
> 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting with SSL.
> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
>
> Can someone please advice:
> - Is there an external (dll?) file on Windows Server 2016 might need to be
> updated for ssl to work in email handling using Indy10 with SSL?

Indy 10 uses a completely outdated version of the SSL library, which does
not have the most recent cryptographic routines (notably for tls).

Most likely the server was updated and now rejects this old version.

There is of course a new version of the openssl library (3.2.x).
The interface of that library changed, but to the best of my knowledge, 
indy does not support it.

The sgcWebSockets suite has an updated version of openssl which should be able to
support openssl 3, but that is paying software..

Michael.


More information about the lazarus mailing list