Hi Angus,

On Thu, 5 Mar 2015 07:57 +0000 (GMT Standard Time), you wrote:

> > My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I
> > have OpenSSL 1.0.1k (compiled by you).
>
> You may have them, but it's unlikely you are using them together since
> 1.0.1k was only released on 19th January 2015 and needs a nightly snapshot
> dated then or later to install it. ICS does not load newer versions of
> OpenSSL that have not been tested.

When you tested it and made it available, I added the version myself. I'm a programmer :)

> > I have an SMTP client and an HTTP client.
>
> SSL clients have much less control over ciphers than servers, essentially only
> flags like sslOpt_NO_TLSv1, sslOpt_NO_SSLv2, sslOpt_NO_SSLv3 to refuse old
> ciphers. SslVersionMethod is very crude and does not support TLS 1.2, so you
> have to leave it as sslV23_CLIENT.

Ok, that explains the sslV23_Client. Thanks.

> If you use a specific CipherList with a client, you risk being unable to
> access a server that does not match it, maybe not today, but probably tomorrow
> when the server is hardened. SSL servers need to be updated frequently to
> counter new threats.
>
> > Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers
> > available' fatal error? I have a USENET news
> > reader program that uses an indy nntp client and the suite works
> > fine with it.
>
> Ciphers are primarily chosen by the server, so unless you are using the ICS
> SMTP and HTTP client to talk to an NNTP news server, what Indy supports is
> irrelevant.

Good point. As for the 'no ciphers available', I'll assume it's another crude implementation. I can't see any other reason.

Thank you for your assistance. I now have my clients using TLS 1.2. That was my problem and now it's fixed.

George
