
Author Topic: LNET v0.66 doesn't support TLS 1.2 and 1.3  (Read 603 times)

han

  • Jr. Member
  • **
  • Posts: 58
LNET v0.66 doesn't support TLS 1.2 and 1.3
« on: August 25, 2019, 07:08:16 pm »

It looks like LNET v0.66 is outdated. By default it tries the old transport layer protocol SSL v2 or SSL v3. This fails with the latest OpenSSL v1.1.1.

I managed to force the available TLS 1.0 but that is also outdated and doesn't seem to work for all webpages. Ideally LNET should be updated for TLS 1.2 or 1.3.

See: https://en.wikipedia.org/wiki/Transport_Layer_Security

and topic https://forum.lazarus.freepascal.org/index.php/topic,46382.msg331613.html#msg331613

Is there anybody who can pick up the major task of updating LNET v0.66?


k1ng

  • New Member
  • *
  • Posts: 36
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #1 on: August 25, 2019, 07:57:46 pm »
Can you post a link to the github page of latest version?

But maybe it's better to update to something which is maintained/more widely used. If it still doesn't support TLS1.1 and TLS1.2...sounds kinda dead for a long time!
« Last Edit: August 25, 2019, 07:59:21 pm by k1ng »

han

  • Jr. Member
  • **
  • Posts: 58
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #2 on: August 25, 2019, 08:50:30 pm »
Here are the links:

https://wiki.lazarus.freepascal.org/lNet
https://lnet.wordpress.com/

https://github.com/almindor/lnet/commits/master

To my surprise the GitHub version (initial commit 1-1-2019) includes some new patches for TLS. That's new to me. It also mentions TLS 1.2, so maybe my assumption that it didn't support TLS 1.2 is wrong. So there is some life in the development :). I will try the patched version, still called version 0.66.
« Last Edit: August 25, 2019, 09:24:16 pm by han »

han

  • Jr. Member
  • **
  • Posts: 58
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #3 on: August 26, 2019, 11:24:50 pm »
LNET with patches no success. Error message in Lubuntu 19.4:

Unable to initialize OpenSSL library, please check your OpenSSL installation.


I'm using FPC 3.2 downloaded via SVN.
« Last Edit: August 26, 2019, 11:26:32 pm by han »

Tz

  • New Member
  • *
  • Posts: 40
  • Tz with FPC Pen Cil
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #4 on: August 27, 2019, 05:33:24 am »
check your lnetssl.pp,  call InitSSLInterface;  once

procedure TLSSLSession.CreateSSLContext;
var
  aMethod: PSSL_METHOD;
begin
  if not IsSSLloaded then
    raise Exception.Create('Unable to initialize OpenSSL library, please check your OpenSSL installation');

  if Assigned(FSSLContext) then
    SSLCTXFree(FSSLContext);
   
  if not FSSLActive then
    Exit;

  case FMethod of
    msSslTLS   : aMethod := SslMethodTLSV1_2; // DEPRECATED
    msSSLv2or3 : aMethod := SslMethodV23;
    msSSLv2    : aMethod := SslMethodV2;
    msSSLv3    : aMethod := SslMethodV3;
    msTLSv1    : aMethod := SslMethodTLSV1;
  end;

try change
    msSslTLS   : aMethod := SslTLSMethod; // New method
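
Added example (not part of the thread, and not LNET or FPC code): with OpenSSL 1.1.x, TLS 1.2 or 1.3 is normally reached through the version-flexible method plus a minimum-version floor rather than a fixed-version method. It assumes an openssl unit that exports SslTLSMethod (named in the reply above) and SslCTXCtrl, and declares the two OpenSSL control constants locally.

```pascal
program tlsfloor;
{$mode objfpc}{$H+}
// Added example, not LNET code. Assumes an openssl unit (e.g. from FPC trunk)
// that exports SslTLSMethod and SslCTXCtrl, and an OpenSSL 1.1.0+ library.
uses
  SysUtils, OpenSSL;

const
  // Numeric values from OpenSSL's ssl.h and tls1.h, declared locally
  // because the openssl unit in use may not export them.
  CTRL_SET_MIN_PROTO_VERSION = 123;    // SSL_CTRL_SET_MIN_PROTO_VERSION
  VER_TLS1_2                 = $0303;  // TLS1_2_VERSION

function NewTLSClientContext: PSSL_CTX;
var
  Method: PSSL_METHOD;
begin
  if not InitSSLInterface then
    raise Exception.Create('OpenSSL not loaded. Unresolved: ' +
      OpenSSL_unavailable_functions);

  // TLS_method negotiates the highest version both peers support.
  // In OpenSSL 1.1.x the SSLv23 name is only a compatibility alias for it.
  Method := SslTLSMethod;
  if Method = nil then
    raise Exception.Create('TLS_method not found: OpenSSL older than 1.1.0?');

  Result := SslCtxNew(Method);
  if Result = nil then
    raise Exception.Create('SSL_CTX_new failed');

  // Same as the C macro SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION):
  // refuse SSLv3, TLS 1.0 and TLS 1.1 while leaving TLS 1.3 available.
  if SslCTXCtrl(Result, CTRL_SET_MIN_PROTO_VERSION, VER_TLS1_2, nil) <> 1 then
  begin
    SslCtxFree(Result);
    raise Exception.Create('Could not set the TLS 1.2 floor');
  end;
end;

var
  Ctx: PSSL_CTX;
begin
  Ctx := NewTLSClientContext;
  WriteLn('Context created: version-flexible method, minimum TLS 1.2');
  SslCtxFree(Ctx);
end.
```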

han

  • Jr. Member
  • **
  • Posts: 58
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #5 on: August 27, 2019, 12:39:32 pm »
I tried but InitSSLInterface doesn't solve the problem. See attached screenshot. I have raised an issue at Github.


« Last Edit: August 27, 2019, 12:47:45 pm by han »

Tz

  • New Member
  • *
  • Posts: 40
  • Tz with FPC Pen Cil
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #6 on: August 27, 2019, 01:31:00 pm »
Dear Han,

try update openssl.pas

initialization
  InitCriticalSection(SSLCS);
  InitSSLInterface;   // compatibility for version under 1.1.0  try add this


simple program to check

Code: Pascal
program testopenssl;
{$mode objfpc}
{$h+}
uses OpenSSL;

begin
  // Reports whether the OpenSSL shared libraries were loaded
  WriteLn('is openssl loaded: ', isSSLLoaded);
  // Prints the OpenSSL functions the unit could not resolve, if any
  WriteLn(OpenSSL_unavailable_functions);
end.

han

  • Jr. Member
  • **
  • Posts: 58
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #7 on: August 27, 2019, 06:16:24 pm »
Tz,

Finally it works!!  Thank you !!  :D

There was some confusion. Initially I thought you provided an update of Lopenssl in the Lnet lib directory. However Lnet is using openssl at fpc/packages/openssl/src/openssl.pp

By placing the new openssl.pp, zcrypto.pp in the Lnet lib directory it now uses this updated openssl.pp. So the problem was solved by only placing the openssl.pas in the lib directory of Lnet. What is the difference between the new one and the one provided by FPC 3.2 ??

Han


P.S. For the record, attached are the openssl.pp and zcrypto.pp provided by Tz, to be placed in the Lnet lib directory. Furthermore, download Lnet with the latest 2019 patches from GitHub.
« Last Edit: August 27, 2019, 09:01:41 pm by han »

han

  • Jr. Member
  • **
  • Posts: 58
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #8 on: August 28, 2019, 07:00:12 pm »
Hello Tz,

The author of Lnet is online. Could you give him a hint why your version of OpenSSL works? See

https://github.com/almindor/lnet/issues/4

Thanks again for your help!

Han

Tz

  • New Member
  • *
  • Posts: 40
  • Tz with FPC Pen Cil
Re: LNET v0.66 doesn't support TLS 1.2 and 1.3
« Reply #9 on: September 02, 2019, 07:38:55 am »
Hi Han,

nothing special I just get from svn trunk

https://www.freepascal.org/docs-html/current/user/userse73.html

and add some function for my purpose

just search for comment "// Tz"  which line I added

or just use diff utility for comparison

happy coding  :D