Delphi 7 and Indy 9.0 Error Connecting SSL

Question

I'm using TIdHTTP component to execute GET command, resulting in above error message:

Request.ContentType := 'text/html';
Request.CustomHeader.Values['Authorization'] := 'Basic '+ TIdEncoderMIME.EncodeString(SPIAKey)+':'TIdEncoderMIME.EncodeString(SAPISecret);

TIdSSLIOHHandlerSocket

Method - sslvSSLv2

Can someone help me on this?

Answer 1

NOBODY uses SSL v2.0 or SSL v3.0 anymore, as they are no longer secure. You need to use TLS v1.0 at a minimum ¹. Indy 9's TIdSSLIOHandlerSocket component supports up to TLS v1.0 max. Set the SSLOptions.Method property to sslvTLSv1 for that.

^{1: be aware that websites have slowly been dropping support for TLS v1.0, and major webbrowser vendors are dropping support for TLS v1.0 and v1.1 later this year.}

To use TLS v1.1 and higher, you need to upgrade to Indy 10, where TIdSSLIOHandlerSocket has been renamed to TIdSSLIOHandlerSocketOpenSSL, and its SSLOptions.Method property has been deprecated in favor of a new SSLOptions.SSLVersions property, which will allow you to enable TLS v1.0, v1.1, and v1.2 at the same time.

---

On a side note, you do not need to use the TIdHTTP.Request.CustomHeader property to use Basic authentication. TIdHTTP has built-in support for Basic. Simply set the TIdHTTP.Request.BasicAuthentication property to True and then use the TIdHTTP.Request.Username and TIdHTTP.Request.Password properties:

Request.ContentType := 'text/html';
Request.BasicAuthentication := True;
Request.Username := SPIAKey;
Request.Password := SAPISecret;

This works in both Indy 9 and 10.