There has been recent press about an SSL server exploit called Poodle, which only effect SSLv3, not the more recent TLS 1.x protocols.
Disabling SSLv3 in servers can be done by setting: SslContext.SslVersionMethod := sslV23_SERVER; SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3, sslOpt_CIPHER_SERVER_PREFERENCE]; v2 was obsolete long ago. You should also change the cipher suite, Mozilla now suggests three levels of ciphers, which are all now added to the latest overnight ICS v8 SVN. The minimum browsers these ciphers support are: sslCiphersMozillaSrvHigh - Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8 sslCiphersMozillaSrvInter - Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 sslCiphersMozillaSrvBack - Windows XP IE6, Java 6 so since IE6 is long obsolete I suggest: SslContext.SslCipherList := sslCiphersMozillaSrvInter; Once you have your ICS SSL web server updated and installed on a public server, there is an excellent SSL testing web site at: https://www.ssllabs.com/ssltest/index.html It takes a few minutes to test all the ciphers, but generates a detailed security report giving your web site a letter rating. Making the changes above raised my ICS SSL site from C to A-. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be