DelphiUdIT

Why don't you use this:

Wrong answer ...

Embarcadero generally maintains good compatibility on its products, but obviously when talking about a product that is at least 16 years old, it may be that some manual changes are made. Then there is the third-party libraries to think about.... Further info: for the COMMUNITY license, C++ and DELPHI cannot coexist.

Actually thare is something wrong with this (test on Intel platform, Win11 physical machine, Win 7.1 on VirtualBox VM): 1) Same DLL x64 (SSL 1.0.2u), Indy bundle (Rad 12.3), Win 11 works with the host indicated by @Del Murray with or without Chiperlist. 2) Same DLL x64 (SSL 1.0.2u) and exe, Indy bundle (Rad 12.3), Win 7.1 (VM) works with the host indicated by @Del Murray ONLY with explicity set of Chiperlist. This can only be explained if by default the host (server) requested one or more "ciphers" not available in Windows 7 other than those in the ChiperList (because otherwise it could use one of those even if they are not explicit). But running the test via SSLLabs you see that the server's preferential request (for TLSv1_2) corresponds to the indicated CipherList. So there is something in the operating system that introduces an unmanaged variant (for example in Windows 7 Indy or SSL they use the CLIENT's Chiper preference by default while in Windows 11 the Server's preference is used). And if the client does not have a preference list, what does it propose? When I have a moment I will do some tests on this. For me is not a problem because since I used TLS, I always insert ChiprList (in fact I have several applications that run with TLSv1_2 in Windows 7 in an industrial environment).

Uhmm, this is a topic about your error and they solve using the update version of Indy and Delphi (from Seattle to Berlin) : https://en.delphipraxis.net/topic/2950-indy-http-error1408f10bssl3_get_recordwrong-version-number/ I don't know if is the same trouble ... EDIT, try this old thing: set the PassThrough of SSLIOHandler to false. After setting the ChiperList inserto this line: IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;

It doesn't work with Windows 7 in a VM. OpenSSL 1.0.2u X64. Rad Studio 12.3. Indy Bundle. UPDATE: It works if the chiperlist is in use ...

I think the SSL3 is only an symbol to identify the security protocol SSL in general way, not really about SSL3 protocol. But really I don't know way the client doesn't respond to TLS ... I try with a VM ,,, stay tuned ...

Webbroker should use only the communication channel, doesn't mind what is the crypto protocol used and how is used, That is how the stack should works, So, if you set the SSLIOHandler correctly all should work.

I tried now (like I tried Tuesday) with the host that you gave us, and it works for me. And I tried with and without set the Chiperlist: since the host use TLSv1_2 and TLSV1_3 and as the A+ evaluation you don't need to setup a ChiperList. Normally the connection between Client and Server use the chiper choose by server and setup a ChiperList in your client is for your security. The ChiperList between server and client must match at least one element. To try I simply put an TIdHTTP and an SSLIO Handler and setup only two properties on IDHTTP1 (HandleRedirects and IOHandler), and one on SSLIOHandler (Methods->sslvTLSv1_2 in SSLOptions): Try to do a GET from HTTP like this: If you don't have any errors, it is OK.

This is the Indy binaries repo for SSL, the bundle version of Indy ('till now) works with 1.0.2.u : https://github.com/IndySockets/OpenSSL-Binaries

May be, the ChiperList list should be construct like this: CipherList := '!EXPORT:!LOW:!aNULL:!eNULL:!RC4:!ADK:!3DES:!DES:!MD5:!PSK:!SRP:!CAMELLIA'+ ':ECDHE-RSA-AES128-GCM-SHA256'+ ':ECDHE-RSA-AES256-GCM-SHA384'+ ':ECDHE-RSA-CHACHA20-POLY1305'+ ':ECDHE-ARIA256-GCM-SHA384'+ ':ECDHE-ARIA128-GCM-SHA256'+ //Weak ma good with old prducts ':ECDHE-RSA-AES256-SHA384'; And take care that scanning the site you indicate, there is a mandatory support to SNI. I don't think if Indy support SNI. EDIT: with Indy Bundle (Delphi 12.3) and TLSv1_2 (OpenSSL ver. 1.0.2u) X64 is working the connection with that host.

I'm aware of this, and this may be logical, but in the past I had to do 2 (TWO) times COMPLET REBUILD. It didn't work with just one. ... but not always, only sometimes. I know that because I allocate manually the "console" depending of that symbol and without this the I/O error will be produced if some "writeln" is executed (confirmed also by debugging).

In the past time (surely prior 12.x) I was used to do this, but I stopped 'cause many times the change of the "symbol" define seems that not apply to all units where the symbol was used. It was like if some untis were not compiled. I used the "DEEP_DEBUG" symbol to do a "writeln" for debugging, but sometimes i delete it and the "writeln" was executed the same. I had to compile almost two times the project to make a real change. I have never looked into the problem in depth, because when you have it you are usually already busy up to your neck. So I changed the habit of using the definition in the project options. And when I compile packages (i.e. libraries) ... I always recompile them TWICE. I don't know if this anomaly exists in the current version, but I don't even want to try it.

Like you told, If you want to define global "symbols" you must insert them in the Project Options / Delphi Compiler / Conditional Defines: You can define it in .DPR like in any other unit, but it is only valid inside that unit. And there should be no errors. May be your line (I think is about a new unit in the uses clause) is inserted in a bad place (like if the previous line has already a ';' terminator) or should be terminated with a ',' ...

Thanks, I have to check if something is wrong ... even if apparently everything is working (but I don't use the reported units ... at least ...) . P.S.: I had already changed the reference from "Win32Api" to "WinApi.Windows" in the WINMD units I use and deleted the Win32Api unit .... maybe that's why I never had problems. The alternative might be better ... @himitsu, yes the word "oggi" means "today". That is the screenshoot from the QP in my language.