Recent

Author Topic: SSL connection syanapse  (Read 415 times)

el3ctrolyte

  • New Member
  • *
  • Posts: 13
SSL connection syanapse
« on: September 04, 2020, 01:41:56 am »
Hey i was wondering about the ssl support of synapse. On the website it says it supports openssl version 9.7.0 which is quite old. I have been having issues with ssl connections where the server rejects my connection because of my openssl version. What can i do to prevent this?

Thaddy

  • Hero Member
  • *****
  • Posts: 10528
Re: SSL connection syanapse
« Reply #1 on: September 04, 2020, 09:05:12 am »
Use 3.2.0 or trunk, where the issue has been addressed. The issue is that older versions supported protocols that are no longer present in OpenSSL and similar libraries (SSL, SSL2, TLS1.0 are dropped from the OpenSSL binaries, and in all modern browsers, so you can not use those protocols anymore.)
TLS 1.1 may also be dropped in the near future.
The solution is to write your code to use TLS 1.2 or higher as SSL protocol. My own OpenSSL is 1.1.1d and works with synapse - and fcl-web/net - provided the above.

In effect it is not the OpenSSL version persé, but a wrong choice of protocol. I work with TLS 1.2 with a maximum fall-back to TLS 1.1 and that usually works with all modern browsers. Check your code for SSL2/SSL3/TLS1.0 and change accordingly.
See https://nl.wikipedia.org/wiki/Transport_Layer_Security and OpenSSL.org
« Last Edit: September 04, 2020, 09:25:52 am by Thaddy »

el3ctrolyte

  • New Member
  • *
  • Posts: 13
Re: SSL connection syanapse
« Reply #2 on: September 05, 2020, 12:21:19 pm »
Thanks for your reply! I figured out what the problem was, and it wasn't the ssl version, but actually the http version! After looking through synapse's documentation i found out that synapse uses http version 1.0 by default instead of http 1.1! The server that i was connecting to refused clients that was requesting http verion 1.0. Thats all i had to change!

For anyone else coming accross this post, this is how you change it:

Code: Pascal  [Select][+][-]
  1. sends:=thttpsend.create;
  2. sends.protocol:='1.1';
« Last Edit: September 05, 2020, 12:24:21 pm by el3ctrolyte »

 

TinyPortal © 2005-2018