Tags: delphi, ssl, openssl, indy, idhttp

idhttp: SSLv3_READ_BYTES error on specific sites


I use TIdHTTP for easy GET requests. Mostly it works well, but on some sites I cannot establish a connection even if I try various settings. I tried to follow the answer from here:

To truly connect to "any" server, you would have to detect a "wrong version" error and retry with a different specific Method/SSLVersions configuration. Unfortunately, the "wrong version" reply does not include the server's actual version, so you have to use trial-and-error. If SSLv23 fails, try TLSv1_2. If that fails, try TLSv1_1. If that fails, try TLSv1. If that fails, try SSLv3.

But it didn't help.

Exception - 'Error connecting with SSL.error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure'

Or the understandable SSL routines:SSL3_GET_RECORD:wrong version number. But I cannot solve exactly the SSL3_READ_BYTES:sslv3 alert one.

Sample code which reproduces the problem, with examples of websites:

program SslGetRepro;
{$APPTYPE CONSOLE}

uses
  IdHTTP, IdSSLOpenSSL;

var
  httpSender: TIdHTTP;
  SSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  httpSender := TIdHTTP.Create(nil);
  SSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
  try
    SSL.SSLOptions.Method := sslvTLSv1; // or sslvSSLv3, sslvTLSv1_1

    // or
    // SSL.SSLOptions.Method := sslvSSLv23;
    // SSL.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];

    httpSender.IOHandler := SSL;
    // exceptions here
    httpSender.Get('https://www.linux.org/');
    // httpSender.Get('https://st.deviantart.net/');
    // httpSender.Get('https://c.tcdn.co/fa4/aa2/fa4aa23e-f55b-11e6-ba87-040157cdaf01/channel256.png');
  finally
    SSL.Free;
    httpSender.Free;
  end;
end.

So how should I configure TIdHTTP for connecting to these websites?

I use Delphi XE8 and OpenSSL 1.0.1e.


Solution

  • None of the sites in your question needs a lower TLS protocol version. They are all perfectly capable of communicating with TLS 1.2 and sometimes even TLS 1.3. But all of these sites work only if the client uses the SNI TLS extension to advertise the target hostname within the TLS handshake.

    It is thus more likely that the problem is actually a missing SNI extension. This seems to be a known problem. See TIdHTTP and TLS SNI doesn't work for more information and ways to deal with the problem.
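The two OpenSSL error strings in the question are not the same kind of failure, and telling them apart is what decides whether the protocol-version retry quoted above can help at all. The added example below (not part of the question or answer, and not Indy code) decodes the packed OpenSSL 1.0.x error code: a reason of 1000 + n means the server sent TLS alert n (alert 40 is handshake_failure, i.e. the server rejected the ClientHello, which is what a missing SNI name or no shared cipher produces), whereas reason 267 is the client's own "wrong version number" check. The "wrong version number" message is a constructed sample, since the question quotes it without its hex code.

```python
import re

# Alert descriptions from the TLS alert registry (RFC 5246, section 7.2).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 70: "protocol_version",
    80: "internal_error", 112: "unrecognized_name",
}
SSL_R_WRONG_VERSION_NUMBER = 267  # OpenSSL 1.0.x reason code, client-side record check

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.*)")

# Sample inputs: the first is quoted in the question, the second is constructed.
SAMPLE_HANDSHAKE = ("Error connecting with SSL.error:14094410:SSL routines:"
                    "SSL3_READ_BYTES:sslv3 alert handshake failure")
SAMPLE_VERSION = "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number"


def decode_openssl_error(message):
    """Decode 'error:LLFFFRRR:lib:func:reason' (OpenSSL 1.0.x packing:
    8-bit library, 12-bit function, 12-bit reason)."""
    m = ERR_RE.search(message)
    if not m:
        raise ValueError("not an OpenSSL error string: %r" % message)
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group(3), "reason_text": m.group(4)}
    if reason >= 1000:
        # OpenSSL reports a received TLS alert as reason 1000 + alert description:
        # the peer rejected the handshake, the client's own checks passed.
        alert = reason - 1000
        info.update(kind="server_alert", alert=alert,
                    alert_name=TLS_ALERTS.get(alert, "unknown"))
    elif reason == SSL_R_WRONG_VERSION_NUMBER:
        info.update(kind="version_mismatch")
    else:
        info.update(kind="local_error")
    return info


def suggest_next_step(info):
    """Map the decoded failure to the first thing a client author should check."""
    if info["kind"] == "version_mismatch":
        return "retry with a different SSLOptions.Method / SSLVersions"
    if info["kind"] == "server_alert" and info["alert"] == 40:
        return "server rejected the ClientHello: confirm SNI is sent and a cipher is shared"
    if info["kind"] == "server_alert":
        return "server sent alert %s; capture the handshake" % info["alert_name"]
    return "inspect the local OpenSSL configuration"
```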