> My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I > have OpenSSL 1.0.1k (compiled by you).
You may have have them, but it's unlikely you are using them together since 1.0.1k was only released on 19th January 2015 and needs a nightly snapshot dated then or later to install it. ICS does not load newer versions of OpenSSL that have not been tested. > I have an SMTP client and an HTTP client. SSL client have much less control over ciphers than servers, essentially only flags like sslOpt_NO_TLSv1, sslOpt_NO_SSLv2, sslOpt_NO_SSLv3 to refuse old ciphers. SslVersionMethod is very crude and does not support TLS 1.2, so you have to leave it as sslV23_CLIENT. If you use a specific CipherList with a client, you risk being unable to access a server that does not match it, maybe not today, but probably tomorrow when the server is hardened. SSL servers need to be updated frequently to counter new threats. > Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers > available' fatal error I have a USENET news > reader program that uses an indy nntp client and the suite works > fine with it. Ciphers are primarily chosen by the server, so unless you are using the ICS SMTP and HTTP client to talk to an NTTP news server, what Indy supports is irrelevant. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be