Devart Forums

Discussion forums for open issues and questions concerning database tools, data access components and developer tools from Devart
https://forums.devart.com/

Unable to set IsSecure with TLSv1.3

https://forums.devart.com/viewtopic.php?f=27&t=58443

Page 1 of 1

Unable to set IsSecure with TLSv1.3

Posted: Sun 28 Aug 2022 20:11
by robert84
Hi

I'm having some trouble setting IsSecure on TLSv1.3. When I attempt so I get a EScError exception with message: 'The other side has sent a failure alert: [47]'

The code to trigger it is very simple, it is basically:

Code: Select all

    Protocols := [spTls13];
    Connect;
    IsSecure := True;
I'm providing a complete ZIP including:

- stunnel config file to run as server side
- Delphi 7 test project

It can be downloaded from: https://oshi.at/XDZf

In order to reproduce:

1. Start stunnel with:

Code: Select all

sudo stunnel test.conf
2. Build Project1.dpr and run it.

3. Press on button labeled 'TLSv1.2'. You'll see that a successful connection is logged on stunnel:

Code: Select all

2022.08.28 21:59:53 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42950
2022.08.28 21:59:53 LOG6[0]: Peer certificate not required
2022.08.28 21:59:53 LOG6[0]: No peer certificate received
2022.08.28 21:59:53 LOG6[0]: Session id: XXXX
2022.08.28 21:59:53 LOG6[0]: TLS accepted: new session negotiated
2022.08.28 21:59:53 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2022.08.28 21:59:53 LOG6[0]: Local mode child started (PID=1089023)
4. Now press button labeled 'TLSv1.3'. The app will raise EScError exception, and stunnel will display this:

Code: Select all

2022.08.28 22:02:35 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42952
2022.08.28 22:02:35 LOG6[0]: Peer certificate not required
2022.08.28 22:02:35 LOG3[0]: SSL_accept: ../ssl/statem/extensions_srvr.c:697: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
2022.08.28 22:02:35 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

Re: Unable to set IsSecure with TLSv1.3

Posted: Wed 31 Aug 2022 18:44
by robert84
Test case for Lazarus (tested on win32):

https://oshi.at/Gciz

Re: Unable to set IsSecure with TLSv1.3

Posted: Wed 19 Oct 2022 19:29
by Raedel
Same Issue... Answer from devs?
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/