Indy 10 and sslvTLSv1_2

Posted 2019-07-15 13:09

I have a website I post to that currently supports TLS v1.1 and TLS 1.2. They will soon only allow TLS ver 1.2 connections. I upgraded Delphi 5 to Indy 10 for this reason.

Currently, I create my components in code and everything works great running 3 threads at a time:

      HTTP := TIdHttp.Create(nil);
      HTTP.OnSelectAuthorization := HTTPSelectAuthorization;
      HTTP.HTTPOptions := [hoInProcessAuth,hoForceEncodeParams,hoKeepOrigProtocol];

      HTTP.OnStatus := HTTPStatus;
      HTTP.OnWorkEnd := HTTPWorkEnd;
      HTTP.Request.ContentType := 'application/x-www-form-urlencoded';
      HTTP.ProxyParams.ProxyPort := ProxyPort;
      HTTP.ProxyParams.ProxyUsername := ProxyUserName;
      HTTP.ProxyParams.ProxyPassword := ProxyPassword;
      HTTP.ProxyParams.BasicAuthentication := ProxyBasicAuth;
    end;

    If UseSSL and (SSL = nil) then
    Begin
      SSL := TIDSSLIOHandlerSocketOpenSSL.Create(nil);
      SSL.SSLOptions.Mode := sslmClient;
      SSL.OnGetPassword := SSLGetPassword;
      SSL.SSLOptions.Method := sslvTLSv1_2;
      HTTP.IOHandler := SSL;
    end;

Is there an event that would tell me exactly what TLS version I am currently actually connecting with when sending a post? I don't want there to be a surprise when they finally stop accepting TLS v1.1 connections.

Thanks.

2 answers
可以哭但决不认输i
#2 · 2019-07-15 13:28

There is no event specifically for that purpose. You would have to query the underlying SSL object directly, such as in the OnStatus event, using the SSL_get_version() function.

However, you are setting the Method to TLS 1.2 exclusively, so that is all Indy will use (as long as you use a version of OpenSSL that supports 1.2, otherwise Indy will silently fall back to 1.0).

On a side note, your UseSSL if block should look more like this:

If UseSSL then
Begin
  If (SSL = nil) then
  Begin
    SSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
    SSL.SSLOptions.Mode := sslmClient;
    SSL.OnGetPassword := SSLGetPassword;
    SSL.SSLOptions.Method := sslvTLSv1_2;
  End;
  HTTP.IOHandler := SSL;
end;
forever°为你锁心
#3 · 2019-07-15 13:32

Here is an example of how you can get info about the SSL version (may need some updating, as I don't use the latest Indy).

Declaration

  procedure IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
    const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
    AMsg: string);

Assign

SSL.OnStatusInfoEx:=IdSSLIOHandlerSocketOpenSSLStatusInfoEx;

Usage

procedure THttpThread.IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
  const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
  AMsg: string);
begin
  if AsslSocket.version = TLS1_VERSION then
    ...
end;
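Added example (not part of either answer and not Indy's own code): building on the OnStatusInfoEx handler from the second answer, this records the protocol version once the handshake has completed and fails the request afterwards if anything other than TLS 1.2 was negotiated, which would catch the silent fallback described in the first answer. FTlsVersion (an Integer field on THttpThread), RequireTls12, TlsVersionName and the local constants are hypothetical names; the numeric values are OpenSSL's SSL_CB_HANDSHAKE_DONE and the standard TLS protocol version numbers.

```delphi
// Added example. Needs SysUtils (IntToHex, Exception) in the uses clause.
const
  // Declared locally so the example does not depend on which constants
  // a given Indy build exposes.
  CB_HANDSHAKE_DONE = $20;    // SSL_CB_HANDSHAKE_DONE in OpenSSL's ssl.h
  VER_SSL3   = $0300;
  VER_TLS1_0 = $0301;
  VER_TLS1_1 = $0302;
  VER_TLS1_2 = $0303;

// Human-readable name for a protocol version number.
function TlsVersionName(AVersion: Integer): string;
begin
  case AVersion of
    VER_SSL3:   Result := 'SSLv3';
    VER_TLS1_0: Result := 'TLSv1.0';
    VER_TLS1_1: Result := 'TLSv1.1';
    VER_TLS1_2: Result := 'TLSv1.2';
  else
    Result := 'unknown ($' + IntToHex(AVersion, 4) + ')';
  end;
end;

procedure THttpThread.IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
  const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
  AMsg: string);
begin
  // The callback fires many times during a handshake; the version is
  // only final once the handshake has completed.
  if (AWhere and CB_HANDSHAKE_DONE) <> 0 then
    FTlsVersion := AsslSocket^.version;  // same field the answer above reads
end;

// Hypothetical helper: call after HTTP.Post returns. Raising here, not
// inside the OpenSSL callback, keeps exceptions out of the library's stack.
// FTlsVersion stays 0 if no TLS handshake took place, which also fails.
procedure THttpThread.RequireTls12;
begin
  if FTlsVersion <> VER_TLS1_2 then
    raise Exception.Create('Expected TLSv1.2, negotiated ' +
      TlsVersionName(FTlsVersion));
end;
```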