Board index » delphi » POP3 SSL with Indy 9

POP3 SSL with Indy 9


2005-01-25 12:06:26 AM
delphi122
Dear All,
I'm developing an application that downloads mail via POP3 using SSL. I am using Indy 9 from VCS (10.10.2004) and OpenSSL 0.9.6m (from Indy FTP site) and running Windows XP. I set up SSL in the following way:
var
pop3: TIdPOP3;
handler: TIdSSLIOHandlerSocket;
{...}
handler := TIdSSLIOHandlerSocket.Create(pop3);
pop3.IOHandler := handler;
pop3.Username := 'user';
pop3.Password := 'pass';
pop3.APOP := false;
pop3.Port := 110;
pop3.Host := 'somehost';
pop3.Connect;
For most POP3/SSL servers it works well. But with one server I have a problem. An exception occurs in 'pop3.Connect' call. I have debugged it, and figured out that the following SSL error occurs:
error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
When I use OpenSSL test utility on Linux ('openssl s_client -connect
ipostoffice.worldnet.att.net:995') with the failing server, there's no problem. So it seems that the problem is with Indy.
I also discovered that servers that work OK use DES-CBC3-SHA cipher, and the one that fails uses RC4-SHA.
Here are parameters for the account if you are interested:
Username: XXXX@XXXXX.COM
Password: xy123456
Incoming server: ipostoffice.worldnet.att.net
SSL: on
Please help me with this problem. TIA.
 
 

Re:POP3 SSL with Indy 9

Yuriy Synov writes:
Quote
I also discovered that servers that work OK use DES-CBC3-SHA cipher, and the one that fails uses RC4-SHA.
Most likely OpenSSL doesn't support RC4 for patent reasons.
You might want to try SecureBlackbox
(www.secureblackbox.com/delphi-ssl.html)
Sincerely yours,
Eugene Mayevski
 

Re:POP3 SSL with Indy 9

Quote
Most likely OpenSSL doesn't support RC4 for patent reasons.
OpenSSL does indeed support RC4 because test utility of OpenSSL connects to that server without problems.
 

Re:POP3 SSL with Indy 9

Yuriy,
Take a look at Clever Internet Suite
clevercomponents.com/products/inetsuite/pop3.asp it has full SSL
support out of the box.
Best regards,
Clever Components Team
www.clevercomponents.com
"Eugene Mayevski" <XXXX@XXXXX.COM>writes
Quote
Yuriy Synov writes:

>I also discovered that servers that work OK use DES-CBC3-SHA cipher, and
the one that fails uses RC4-SHA.

Most likely OpenSSL doesn't support RC4 for patent reasons.

You might want to try SecureBlackbox
(www.secureblackbox.com/delphi-ssl.html)

Sincerely yours,
Eugene Mayevski