> My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I 
> have OpenSSL 1.0.1k (compiled by you). 

You may have have them, but it's unlikely you are using them together since
1.0.1k was only released on 19th January 2015 and needs a nightly snapshot
dated then or later to install it.  ICS does not load newer versions of OpenSSL
that have not been tested. 

> I have an SMTP client and an HTTP client.

SSL client have much less control over ciphers than servers, essentially only
flags like sslOpt_NO_TLSv1, sslOpt_NO_SSLv2, sslOpt_NO_SSLv3 to refuse old
ciphers. SslVersionMethod is very crude and does not support TLS 1.2, so you
have to leave it as sslV23_CLIENT.

If you use a specific CipherList with a client, you risk being unable to access
a server that does not match it, maybe not today, but probably tomorrow when
the server is hardened. SSL servers need to be updated frequently to counter
new threats. 

> Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers 
> available' fatal error I have a USENET news
> reader program that uses an indy nntp client and the suite works 
> fine with it.

Ciphers are primarily chosen by the server, so unless you are using the ICS
SMTP and HTTP client to talk to an NTTP news server, what Indy supports is
irrelevant.

Angus

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to