> Could someone explain this change in OverbyteIcsHttpProt.pas > > FCtrlSocket.SslServerName := FHostName; { V8.11 needed for SNI support } > > It broke connection to one of the thirdparty servers that I use, so I'm > trying to figure out is it a problem with ICS/OpenSSL or problem with site? > Is it supposed to work with all sites?
When IPv4 addresses were freely available, all SSL servers had a unique IP address, so only needed to support a single SSL certificate. But many SSL servers now have multiple hosts on the same IP address, and need the SSL Server Name Indication (SNI) to know which SSL certificate to use when a connection starts. SNI has been supported since Windows XP SP3 10 years ago, and with SSL coming standard for most web sites today, many SSL sites become unaccessible without SNI, cloud based sites in particular. The only reason SNI would break a connection is if the host name you used did not match the server and you ignore SSL certificate checking completely. What is the URL of the failing site? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be