> I tested up to 0.9.8x with the same result.

Those versions of OpenSSL are long obsolete, no security updates for a
long time, only support old protocols, etc.  
> Wonder if I should take the leap to V8.
> Are there any know issues going from V7 to V8?
> I am using Delphi XE.

If you are using SSL in a commercial environment, you do need to keep
up to date with OpenSSL releases to get the latest support for
protocols and security fixes, and that means also means ICS V8, ideally
the latest version from SVN or the overnight zip.  

For an SSL client, updating from V7 to V8 should be easy, SSL servers
need some extra settings.  

We only test with our versions of OpenSSL, not the Indy versions which
historically had external dependencies on Microsoft DLLs.  

The old OpenSSL is why your connection cipher was so poor:

TLSv1, cipher AES128-SHA

whereas with the latest ICS you get:

TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange ECDH,
encryption AESGCM(128), message authentication AEAD

There will be a new OpenSSL 1.1.0 later this month, which I got working
with ICS yesterday, adding more ciphers and capabilities.


To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to