DelphiUdIT

My sources about Posix are in "C:\Program Files (x86)\Embarcadero\Studio\23.0\source\rtl\posix" If you have trouble compiling, look at: https://docwiki.embarcadero.com/RADStudio/Athens/en/Installation_Notes There are some notes about Linux at the end of the page (missing lib paths). P.S.: in my installations of course there are the compiled units in ALL needed paths.

But you and Remy are still there with a greater, precious and fundamental tireless contribution. Thank you for all, for what you have done and for what you will do (to others of TeamB too, that I don't know).

SKU: Enterprise, Professional, Personal (this may be Community Edition). Source: BDS.EXE and LicenseManager.exe I cannot find the Architect SKU, it is possible that is derived from something else. They (Embarcadero) spoke about this way to find a kind of product in Alexandria news note. So, I think from that release we had the opportunity to use it.

Why don't you use this:

Wrong answer ...

Embarcadero generally maintains good compatibility on its products, but obviously when talking about a product that is at least 16 years old, it may be that some manual changes are made. Then there is the third-party libraries to think about.... Further info: for the COMMUNITY license, C++ and DELPHI cannot coexist.

Actually thare is something wrong with this (test on Intel platform, Win11 physical machine, Win 7.1 on VirtualBox VM): 1) Same DLL x64 (SSL 1.0.2u), Indy bundle (Rad 12.3), Win 11 works with the host indicated by @Del Murray with or without Chiperlist. 2) Same DLL x64 (SSL 1.0.2u) and exe, Indy bundle (Rad 12.3), Win 7.1 (VM) works with the host indicated by @Del Murray ONLY with explicity set of Chiperlist. This can only be explained if by default the host (server) requested one or more "ciphers" not available in Windows 7 other than those in the ChiperList (because otherwise it could use one of those even if they are not explicit). But running the test via SSLLabs you see that the server's preferential request (for TLSv1_2) corresponds to the indicated CipherList. So there is something in the operating system that introduces an unmanaged variant (for example in Windows 7 Indy or SSL they use the CLIENT's Chiper preference by default while in Windows 11 the Server's preference is used). And if the client does not have a preference list, what does it propose? When I have a moment I will do some tests on this. For me is not a problem because since I used TLS, I always insert ChiprList (in fact I have several applications that run with TLSv1_2 in Windows 7 in an industrial environment).

Uhmm, this is a topic about your error and they solve using the update version of Indy and Delphi (from Seattle to Berlin) : https://en.delphipraxis.net/topic/2950-indy-http-error1408f10bssl3_get_recordwrong-version-number/ I don't know if is the same trouble ... EDIT, try this old thing: set the PassThrough of SSLIOHandler to false. After setting the ChiperList inserto this line: IdSSLIOHandlerSocketOpenSSL1.PassThrough := false;

It doesn't work with Windows 7 in a VM. OpenSSL 1.0.2u X64. Rad Studio 12.3. Indy Bundle. UPDATE: It works if the chiperlist is in use ...

I think the SSL3 is only an symbol to identify the security protocol SSL in general way, not really about SSL3 protocol. But really I don't know way the client doesn't respond to TLS ... I try with a VM ,,, stay tuned ...

Webbroker should use only the communication channel, doesn't mind what is the crypto protocol used and how is used, That is how the stack should works, So, if you set the SSLIOHandler correctly all should work.

I tried now (like I tried Tuesday) with the host that you gave us, and it works for me. And I tried with and without set the Chiperlist: since the host use TLSv1_2 and TLSV1_3 and as the A+ evaluation you don't need to setup a ChiperList. Normally the connection between Client and Server use the chiper choose by server and setup a ChiperList in your client is for your security. The ChiperList between server and client must match at least one element. To try I simply put an TIdHTTP and an SSLIO Handler and setup only two properties on IDHTTP1 (HandleRedirects and IOHandler), and one on SSLIOHandler (Methods->sslvTLSv1_2 in SSLOptions): Try to do a GET from HTTP like this: If you don't have any errors, it is OK.

This is the Indy binaries repo for SSL, the bundle version of Indy ('till now) works with 1.0.2.u : https://github.com/IndySockets/OpenSSL-Binaries

May be, the ChiperList list should be construct like this: CipherList := '!EXPORT:!LOW:!aNULL:!eNULL:!RC4:!ADK:!3DES:!DES:!MD5:!PSK:!SRP:!CAMELLIA'+ ':ECDHE-RSA-AES128-GCM-SHA256'+ ':ECDHE-RSA-AES256-GCM-SHA384'+ ':ECDHE-RSA-CHACHA20-POLY1305'+ ':ECDHE-ARIA256-GCM-SHA384'+ ':ECDHE-ARIA128-GCM-SHA256'+ //Weak ma good with old prducts ':ECDHE-RSA-AES256-SHA384'; And take care that scanning the site you indicate, there is a mandatory support to SNI. I don't think if Indy support SNI. EDIT: with Indy Bundle (Delphi 12.3) and TLSv1_2 (OpenSSL ver. 1.0.2u) X64 is working the connection with that host.

I'm aware of this, and this may be logical, but in the past I had to do 2 (TWO) times COMPLET REBUILD. It didn't work with just one. ... but not always, only sometimes. I know that because I allocate manually the "console" depending of that symbol and without this the I/O error will be produced if some "writeln" is executed (confirmed also by debugging).