Is there any parts of Delphi/Indy/ICS/Android environments etc that might contain the Open SSL bug? (ie does anything use OpenSSL?)
I understand the bug has been present for 2 years, so earlier *should* be OK, how about anything in the XE5 environment? I understand there is a separate issue in that programs that are OK that communicate with eg an unpatched Apache web server will still be vulnerable. I also read that Android 4.1.1 is also vulnerable Some information about what uses what: (MacOS, Indy uses OpenSSL): http://www.monien.net/delphi-xe5-ssl-https-on-different-platforms-with-tidhttp-and-trestclient/ eg "Using SSL/HTTPS with Indy’s TIdHttp (or through TRESTClient – which is effectively based on TIdHttp) requires external OpenSSL libraries, which is something most of us probably learned in the past." http://www.delphigroups.info/2/12/215507.html Earlier Delphi versions: http://stackoverflow.com/questions/18191679/which-is-current-correct-indy-and-open-ssl-versions-to-use-with-delphi2007 Googles fixes: http://googleonlinesecurity.blogspot.com.au/2014/04/google-services-updated-to-address.html _______________________________________________ NZ Borland Developers Group - Delphi mailing list Post: [email protected] Admin: http://delphi.org.nz/mailman/listinfo/delphi Unsubscribe: send an email to [email protected] with Subject: unsubscribe
