> I tested up to 0.9.8x with the same result. Those versions of OpenSSL are long obsolete, no security updates for a long time, only support old protocols, etc. > Wonder if I should take the leap to V8. > Are there any know issues going from V7 to V8? > I am using Delphi XE.
If you are using SSL in a commercial environment, you do need to keep up to date with OpenSSL releases to get the latest support for protocols and security fixes, and that means also means ICS V8, ideally the latest version from SVN or the overnight zip. For an SSL client, updating from V7 to V8 should be easy, SSL servers need some extra settings. We only test with our versions of OpenSSL, not the Indy versions which historically had external dependencies on Microsoft DLLs. The old OpenSSL is why your connection cipher was so poor: TLSv1, cipher AES128-SHA whereas with the latest ICS you get: TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange ECDH, encryption AESGCM(128), message authentication AEAD There will be a new OpenSSL 1.1.0 later this month, which I got working with ICS yesterday, adding more ciphers and capabilities. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
