We can't find any way of disabling TLS 1.0 and leaving TLS 1.1 and TLS 1.2 as the only enabled protocols for the TSslSocket.
Looking at the options in the OverbyteIcsWSocket.pas/.hpp files, you can disable SSL2 and SSL3 using the sslOpt_NO_SSLv2 and sslOpt_NO_SSLv3 options respectively on the SSLContext object before creating the socket. However, there are no specific options for disabling TLS 1.0, 1.1 and 1.2. The OpenSSL library allows you to set the options as follows: SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1); The options for TLS 1.1 and 1.2 are SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2. There was one option - sslOpt_NO_TLSv1 - however, this seems to be disabling TLS completely. We are currently checking whether our code is being compiled against the right OpenSSL library to ensure the new TLS protocols are being used. Cheers, Isaac Retallick -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
