> We can't find any way of disabling TLS 1.0 and leaving TLS 1.1 and > TLS 1.2 as the only enabled protocols for the TSslSocket.
Correct, there have been a number of improvement in OpenSSL over the past few years that have been skipped by ICS, primarily because ICS seemed to support new OpenSSL releases without change. But I've spent the last few days updating SSL support in ICS, there are new sslTLS_V1_1, sslTLS_V1_2 and sslBestVer version methods and six new options including sslOpt_NO_TLSv1_1 and sslOpt_NO_TLSv1_2. But mainly I'm adding support for DH key exchange which seems to be missed in the original development, and restricts the ciphers that our servers can support. Specifically, it means ciphers offering 'forward secrecy' are not supported by servers (clients are OK), which reduces our ratings by SSL security checks. It's not finished yet, should only be a couple of days. If anyone is aware of other OpenSSL features missing from the ICS implementation, now is the time to speak up. OpenSSL 1.0.2 will be supported by the new version, but I can not see any major interface changes, just minor things. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be