Yes, that sounds very similar. With RSP-29074 the server seems to be the problem; in my case I rather think it is the client:
If I comment out the client's activities (Connect, WriteLn) and connect with OpenSSL.exe instead, then I can establish a connection to the IdTCPServer with SSL:
OpenSSL> s_client -connect localhost:3333
CONNECTED(00000180)
Can't use SSL_get_servername
depth=0 C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
verify error:num=10:certificate has expired
notAfter=Jan 20 14:10:45 2015 GMT
verify return:1
depth=0 C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
notAfter=Jan 20 14:10:45 2015 GMT
verify return:1
---
Certificate chain
0 s:C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
i:C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
---
Server certificate
subject=C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
issuer=C = DE, ST = Hamburg, L = Hamburg, O = My Domain Name GmbH, CN = mydomainname.com, emailAddress = admin@example.com
---
No client certificate CA names sent
---
SSL handshake has read 961 bytes and written 483 bytes
Verification error: certificate has expired
---
New, TLSv1.2, Cipher is AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID: 2A48A00128AD68EF91FF43F64A2212FAF350907745423974D4 8767DFBBB5FAF6
Session-ID-ctx:
Master-Key: A648E9F933F4F048CEBC8E568DD6613FF7F6B1DA78C36E9537 4ED09E7E133A6C78BB8068224DC2B6BE23E6AA83EC0730
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1591376795
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
Extended master secret: no
---
hello
huhu
The memo of my demo project then shows:
btConnect clicked
btConnect done
ServerThread:
Indy-Version: 10.6.2.0
ServerThread: ServerSSLGetPassword
ServerThread: ServerConnect start
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Handshake Start, AMsg=before/accept initialization
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=before/accept initialization
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 read client hello A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 write server hello A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 write certificate A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 write server done A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 flush data
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 read client certificate A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 read client key exchange A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 read certificate verify A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 read finished A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 write session ticket A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 write change cipher spec A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 write finished A
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Loop, AMsg=SSLv3 flush data
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Handshake Done, AMsg=SSL negotiation finished successfully
ServerThread: ServerSSLStatusInfoEx: AsslSocket.Version=0303, AType=Accept Exit, AMsg=SSL negotiation finished successfully
ServerThread: ServerConnect done
ServerThread: received: hello
ServerThread: received: huhu