The "EOF" error assumes that you are connecting to a server that is not actually using SSL, or that SSL data may be corrupted.
Also, why do you include an explicit '&' character between your message data parameters? Do not do this, Indy will simply encode them and send his own '&' characters. Also, consider using TMemoryStream instead of TStringStream to provide IXMLDocumect.LoadFromStream () loads the original XML source data of the server as it is, rather than the modified version that RTL / VCL creates due to Unicode processing (TStringStream supports TEncoding).
Edit:. The URL you provided, an example of verifyUser () will look like this:
const ERPLYAccountCode = '...'; function verifyUser(const user, pass: string; const sessionLength: Integer = 3600): IXMLDocument; var sPostData: TStringList; sHttpSocket: TIdHTTP; sshSocketHandler: TIdSSLIOHandlerSocketOpenSSL; resStream: TMemoryStream; xDoc: IXMLDocument; begin Result := nil; try resStream := TMemoryStream.Create; try sPostData := TStringList.Create; try sPostData.Add('clientCode=' + ERPLYAccountCode); sPostData.Add('request=verifyUser'); sPostData.Add('version=1.0'); sPostData.Add('responseType=XML'); sPostData.Add('responseMode=normal'); sPostData.Add('username=' + user); sPostData.Add('password=' + pass); sPostData.Add('sessionLength=' + IntToStr(sessionLength)); sHttpSocket := TIdHTTP.Create; try sshSocketHandler := TIdSSLIOHandlerSocketOpenSSL.Create(sHttpSocket); sHttpSocket.IOHandler := sshSocketHandler; sHttpSocket.Request.ContentType := 'application/x-www-form-urlencoded'; sHttpSocket.Post('https://www.erply.net/api/', sPostData, resStream); finally sHttpSocket.Free; end; finally sPostData.Free; end; resStream.Position := 0; xDoc := CreateXMLDoc; xDoc.LoadFromStream(resStream); Result := xDoc; finally resStream.Free; end; except on E: Exception do begin TCommon.ErrorLog('errorLog.txt', DateTimeToStr(Now) + ' ' + E.Message); end; end; end;