> Could someone explain this change in OverbyteIcsHttpProt.pas
>
> FCtrlSocket.SslServerName := FHostName; { V8.11 needed for SNI support }
>
> It broke connection to one of the thirdparty servers that I use, so I'm
> trying to figure out is it a problem with ICS/OpenSSL or problem with site?
> Is it supposed to work with all sites?
When IPv4 addresses were freely available, all SSL servers had a unique IP
address,
so only needed to support a single SSL certificate. But many SSL servers now
have
multiple hosts on the same IP address, and need the SSL Server Name Indication
(SNI)
to know which SSL certificate to use when a connection starts.
SNI has been supported since Windows XP SP3 10 years ago, and with SSL coming
standard for most web sites today, many SSL sites become unaccessible without
SNI,
cloud based sites in particular.
The only reason SNI would break a connection is if the host name you used did
not
match the server and you ignore SSL certificate checking completely.
What is the URL of the failing site?
Angus
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
