Posts posted by pcoenen
-
-
Yes I already use this information (cipherlist), thank you. The problem is that the 'old' openSSL dll's (1.0.2u) get 'red' flagged at some of my customers. It would be nice if we would know when TLS1.3 support would be added or if we could add it ourselves using for example YuOpenSSL or alternatives.
-
Regularly I get the question from my customers to support TLS1.3. Is there any news regarding this item? Would it be possible to use YuOpenSSL with uniGUI? Any other ways to add TLS1.3 to uniGUI?
Regards,
Pascal
-
4 minutes ago, irigsoft said:
it's not a problem for my time, I want to help you and for everyone's sake afterwards, but I can't give you a ready-to-use solution.
I am not sure what is your purpose:
you want to block the use of SSL3 (like your example: https://stackoverflow.com/questions/44767903/delphi-indy-ssl-parameters),
or something else because error message is exact that: https://appuals.com/how-to-fix-ssl_error_no_cypher_overlap/
Due to a vulnerability-scan at one of my customers we got the request to add an option for a customized cipher list. We got a couple of ciphers they would like to use and that is when I started getting this error message. I'll try further and let you know the result.
-
1 minute ago, irigsoft said:
You have to check, but I think so.
Ok, sorry for your time, I had to tell you this in the beginning. Thank you very much for all your information on the forum regarding security. Much appreciated.
-
2 minutes ago, irigsoft said:
can you try with another/external IP (not 127.0.0.1) ?
Same error message:
An error occurred during a connection to 10.211.55.8:8077. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
-
FYI, this one works 'from your example code':
cCIPHER_LIST_4: WideString = 'AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA';
(Stupid) question, I'm using a Self Signed certificate, could this be the issue?
-
It only works when RSA+AESGCM or RSA+AES is in the list.
Firefox information about the encryption used.
FYI, Same issue with Chrome:
127.0.0.1 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
-
14 minutes ago, irigsoft said:
Hello,
Did you try this solution: https://kinsta.com/blog/ssl_error_no_cypher_overlap/#2-reset-your-tls-and-ssl3-settings
please share part of your code how exactly you use it.
SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
SSL.SSLOptions.CipherList := 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS';
It seems to work when I add older ciphers like:
SSL.SSLOptions.CipherList := 'RSA+AESGCM:RSA+AES';
I tried the different solutions from the link, did not help.
(Thank you for your reply)
-
Hi,
I'm using 1.0.2u OpenSSL dll's from Indy and uniGUI 1.90.0.1563
I must be doing something wrong trying to implement this. So I'm setting SSL.SSLOptions.CipherList to a desired list of ciphers:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256
When trying to connect to my uniGUI webserver (testing it as application and as service) I get the following error message from Firefox:
Quote
Secure Connection Failed
An error occurred during a connection to 127.0.0.1:8077. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Only when I add the following (old) ciphers, then it works:
AES128-SHA
AES256-SHA
Any idea what I'm doing wrong?
Regards,
Pascal
-
Thank you, works just fine.
-
Hi,
I'm trying to scroll down to the end of my UniMemo using the following code but this doesn't seem to work.
mmRunTimeLog.JSInterface.JSCall('inputEl.scrollTo', ['bottom']);
Any idea what I could be doing wrong? Using uniGUI v1.90.0.1551
Regards,
Pascal
-
ok I enabled 'soDontLoadJQueryLib' and everything still seems to work so now I'm a bit confused. Which components use the JQuery Lib?
-
Also at the moment, you can try disabling jQuery
And 'everything' should still work or which part not?
-
No, it's a UniGUI service connecting to a TCP socket and displaying information to the user. Quite simple until the customer used this IKARE tool ..
-
Standalone (as Service)
-
Hi,
One of my users mailed me the following information:
Quote
The vulnerability is still reported by the IKARE Tool through the tcp port 8077.
This is the description of the vulnerability :
« Summary: The installed version of jQuery on the remote host has reached the End of Life (EOL) and should not be used anymore.
Impact: An EOL version of jQuery is not receiving any security updates from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise the security of this host »
Any idea when the jQuery part in uniGUI will get an update?
Using uniGUI 1.90.0.1542
Regards,
Pascal
-
Hello,
I'm having an issue with the Gauge chart. It seems I can't find a way to get it like in the picture. Would like to use the gauge as a kind of circular progressbar. I would like to know how to get a 180° circle Gauge. Any idea what I'm doing wrong? Already tried so many options ..
Thank you,
Pascal
-
Hi All,
TUniSyntaxEdit does not have events like 'OnChange' or 'OnKeyDown' like TUniMemo has. Is it possible to catch those events in the TUniSyntaxEdit component?
Regards,
Pascal
-
Thank You!
-
Question, is it possible to change the color of a progressbar. It seems that it depends on the theme now ..
I've three progressbars and they all should have a different color.
Thank you
Pascal
-
Quote
Sorry for the frustrations but I can not build serious web applications and after each update, wait to see what I see or should change. My application only has 120 forms and I'm not willing to modify them after update
Having the same issue here. Had to update all my forms after switching to 1.5. I'm afraid what will happen if I install 1.7.
But .. UniGui is a great product :-)
-
Yes, this works! Thanks DD
-
Hi DD,
Now I get the message 'Loading ...'. The page does not show anymore.
Regards,
Pascal
-
Ok now I understand. The je..@te....be was the account I used before I bought a License. So I swapped to my 'official' account now (I will remove the other one).
It can only be changed by changing height of the radiogroup control.
Changing the height does not change the spacing between the radio items..
Using TLS1.3 with uniGUI
Fyi, could you please check
https://github.com/mezen/Indy/tree/NewOpenSSL_PR
This is from Mezen who provided the pull request for the new openssl IO handler.