'Delhi TIdSSLIOHandlerSocketOpenSSL - how to configure CONNECT parameters

I watch the CONNECT request in Fiddler:

CONNECT site.name:443 HTTP/1.1
Pragma: no-cache
Connection: keep-alive
Host: site.name
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 36 77 2F 45 AE FD E6 98 98 7B 0A 46 DC 90 2B C0 59 75 8E 99 58 6A 30 06 52 AD DF AF DF FB 65 A6
"Time": 13.10.2006 15:23:34
SessionID: empty
Extensions: 
    server_name site.name
    ec_point_formats    uncompressed [0x0], ansiX962_compressed_prime [0x1], ansiX962_compressed_char2 [0x2]
    supported_groups    secp256r1 [0x17], secp521r1 [0x19], unknown [0x1c], unknown [0x1b], secp384r1 [0x18], unknown [0x1a], secp256k1 [0x16], sect571r1 [0xe], sect571k1 [0xd], sect409k1 [0xb], sect409r1 [0xc], sect283k1 [0x9], sect283r1 [0xa]
    SessionTicket   empty
    signature_algs  rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_sha224, dsa_sha224, ecdsa_sha224, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1
    heartbeat_rfc_6520  01
...

How to change section Extensions? The section for System.Net.HttpClient.THTTPClient is different:

Extensions: 
    server_name site.name
    supported_groups    secp384r1 [0x18], secp256r1 [0x17]
    ec_point_formats    uncompressed [0x0]
    signature_algs  rsa_pkcs1_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1
    extended_master_secret  empty
    renegotiation_info  00

Is it possible to change list supported_groups, ec_point_formats or signature_algs?
Or add value extended_master_secret to extensions? I need the requests to match.

delphisslindy


Solution 1:[1]

Is that happening with your code play as client or server? With the message you provided, I guess that's a client side code.

You need to connect to the server with domain name, and the HTTP message showed that you wish to connect "site.name", which is not a real domain name, so you could not connect successfully.

That's the primary problem, and if you tried using SSLv3 to connect to HTTPS server, you will need client certificate. But I cannot be sure that's your requirement from the article.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dennies Chang

Related Questions

Which is preferable: Free or FreeAndNil?

Delphi notification when a file gets updated

Unable to programmatically close the application when validation error is found - edited

Delphi Form Designer doesn't undo changes

Delphi TJvHidDeviceController : device cannot be opened

Delphi and Discrete Signals: Getting a fixed volume signal with fixed silence

Suppress Userproperty printing with outlook mail items

How to retrive Group mail box names for outlook profile using MAPI program?

The application was unable to start correctly (0xc000007b)

TWebbrowser / TEmbeddedWb : hide all messageboxes

Delphi FTP upload Access violation

Change the font colour of combo box in delphi firemonkey mobile

Delphi Twebbrowser change value of textbox.

How can I add a ListBoxItem programmatically?

How do I drag and drop from a TDBGrid?