Hi to all,
I have this simple code
import std/httpclient, strformat, times
import std/cmdline
let client = newHttpClient()
proc startDigitaliso(url: string) =
let time_start = epochTime()
let msgNonRisponde = "non risponde"
try:
var response = client.request(fmt"https://{url}", httpMethod = HttpGet)
if response.status == "200 OK":
echo &"{url:<30}{epochTime()-time_start:>15}"
else:
echo &"{url:<30}{msgNonRisponde:>15}"
except Exception as e:
echo &"{url:<30}{e.msg:>15}"
finally:
client.close()
when isMainModule:
if commandLineParams().len > 0:
for url in commandLineParams():
startDigitaliso(url)
else:
echo "Serve almeno un url come parametro"
When I call a website on a Windows server 2008 r2 server an exception is thrown: Additional info: IO error has occurred in the BIO layer
I think it depends on the negotiation of the TLS protocol (on the server it is TLS 1.2).
Is it correct?
The request does not appear in the website log on the Windows server.
Additional info:
Using python and request on the same site works fine.
The same site on a Windows Server 2019 responds correctly to the nim code.
I don't know if it makes sense but is there a way to set the TLS protocol to use in the get call?
See https://nim-lang.github.io/Nim/net.html#newContext%2Cstring%2Cstring%2Cstring%2Cstring
You can probably do something like this:
let client = newHttpClient(sslContext = newContext(protVersion = protTLSv1))
Thanks to reply
I tried protTLSv1 and flag -d:openssl10
I have a curious exception: No error reported.
I also tried other combinations between protVersion and flag but in the tested cases I always got the initial exception.
I definitely need to understand the openssl flag better
Hi to all.
I add new tests done and now the problem is clearer but I still don't have a solution:
In my code, as suggested by @janAkali
let client = newHttpClient(sslContext = newContext(protVersion = protSSLv23))
nim c -d:ssl -d:openssl10
In this case the exception is similar to what was said initially but with further information:
Connection in progress forcefully terminated by remote host. Additional info: IO error has occurred in the BIO layer
On server; in system event, I read:
Received TLS 1.2 connection request from a remote client application, but the server does not support any of the cipher suites supported by the client application. SSL connection request failed.
Can you set the cipher suites used in Nim? Since there are no errors in Python, I don't think it's an unsolvable problem.
I don't know if it has anything to do with it but the Diffie Hellman algorithm on windows 2008 server r2 appears to be version 1 while on windows 2019 server the version is 2
Sorry to bother you, but not finding a solution, I try to ask:
it is correct that if I write:
let client = newHttpClient(sslContext = newContext(protVersion = protSSLv23, cipherList=CiphersIntermediate, ciphersuites=CiphersIntermediate))
I am setting to use the intermediate cipher suites?
The const CiphersIntermediate is present in ssl_config.
I compile the code as you said: -d:ssl -d:openssl10
The server is set to use TLS 1.2 and in the suite there is: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
And in the Intermediate List there is this combination.
Thanks janAkali.
It seemed so strange to me that it didn't work with CiphersIntermediate that it didn't occur to me to try CiphersOld.
With CiphersOld, it works perfectly