Angus Robertson

Sorry, TWSocketThrdServer has never been supported by FMX, nor has it really been updated for a decade or more. It is probably little effort to add FMX support, but it is not often used since most ICS servers work fine without threads, It's only when you need several hundred simultaneous clients that threads become necessary, and then perhaps not one per client. Angus

For public servers, the best SSL test is https://www.ssllabs.com/ssltest/ which gives a long report on which protocols and ciphers are supported and recommends changes. With the ICS V8.60 and later, ICS servers should get an A+ rating providing you also have certain HTTP headers to block exploits. For private servers, you can use the latest ICS HTTPS client samples that allow disabling certain protocols and you can then try and connect to your server. The quickest way is to download the pre-build Browser demo application from http://wiki.overbyte.eu/arch/FrameBrowserIcs.zip which is a simple browser (no scripting) with extensive HTTP, HTML and SSL logging that allows you to set SSL Security to one of: SSLv3 Only TLSv1 Only TLSv1.1 Only TLSv1.2 Only TLSv1.3 Only TLSv1 or Better TLSv1.1 or Better TLSv1.2 or Better Backward Ciphers Intermediate Ciphers High Ciphers, 2048 keys High Ciphers, 3072 keys High Ciphers, 7680 keys In fact all ICS clients now have the same options in SslContext. Servers are more complicated, but again with V8.60 and later, you can set: SSLv3 Only Backward Ciphers, TLS1 or Later Intermediate Ciphers, TLS1.1 or Later Intermediate Ciphers FS, TLS1.1 or Later High 112 bit Ciphers, TLS1.2 or Later High 128 bit Ciphers, TLS1.2 or Later High 192 bit Ciphers, TLS1.2 or Later TLSv1.2 or Earlier TLSv1.3 Only provided your server is using IcsHosts. If not, V8.27 (two years ago) added SslContext properties SslMinVersion and SslMaxVersion which is what you should be using, not the old options. Angus

I have all the old source code, more interested if anyone has been updating it in the last 10 years or is still using UltraExplorer. Angus

The TMultipartFtpDownloader component does not support SSL, it uses TFtpClient instead of TSslFtpClient. Angus

You need to follow the C++ installation instructions in readme8. We only support C++ for 10.2 and 10.3. Angus

No other way to get the remote UDP address, since there is no connection. All UDP applications use ReceiveFrom, it has always worked. Suggest you upgrade to a modern supported version of ICS, but you will need to change your application, all the unit names changed 10 years ago. Angus

ICS V8.61 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1 win32, with other versions of OpenSSL being available from the download page. Changes in ICS V8.61 include: 1 - Added two new components using the new HTTPS REST component, which are both useful and illustrate how simply they can created, TIcsSms and TDnsQueryHttps, both in the OverbyteIcsSslHttpRest.pas unit with demos in OverbyteIcsHttpRestTst. 2 - The new TIcsSms component sends SMS text messages via an HTTP bureau, you will need an account. Initially supporting https://www.kapow.co.uk/ from where you set-up an account for £6.50 (about $9) which gives 100 message credits. Other similar bureaus can be added, provided there is an account for testing. The component has three methods, SendSMS sends an SMS to a mobile number and returns an ID, CheckSMS checks if the SMS with a specific ID has been delivered, pending or failed and CheckCredit returns remaining credit for the account. Messages longer than 140 characters should be sent as multiple messages, if supported by the network. 3 - The new TDnsQueryHttps component makes DNS queries over HTTPS (DOH), to ensure integrity and privacy from interception by ISPs or proxies. It includes a list of public DOH servers from Cloudfare, Google, Quad9 and others, and will make all common DNS queries, including all which does the seven most common queries together. The original TDnsQuery component has also been updated to support all the common queries and return them in using a single AnswerRecord array, rather than an array per query type, but remains backward compatible for existing queries. It now also returns alternate responses. Supports IPv6. The OverbyteIcsNsLookup sample uses TDnsQuery while the OverbyteIcsHttpRestTst sample uses TDnsQueryHttps. The latter sample also illustrates DNS over HTTPS using Json as a REST demo. 4 - Improved HTTP client and server NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified in code. 5 - Improvements in the HTTPS REST component to prevent TSslHttpCli events being overwritten by TSslHttpRest events. ResponseXX properties are now available in both OnRequestDone and OnRestRequestDone event handler. IcsHtmlToStr returns javascript content as well as XML and Json and does not ignore very short content. 6 - Improvements in the HTTP client, added more header response properties: RespDateDT, RespLastModDT, RespExpires and RespCacheControl. NoCache now sends Cache-Control: no-cache for HTTP/1.1. 7 - Fixed SSL certificate ValidateCertChain to check certificate start and expiry dates in UTC time instead of local time. Previously certificates issued in North America with UTC/GMT time stamps may have been seen as not yet valid. 8 - The FTP client now accepts badly formatted FEAT PROT responses. 9 - The Browser Demo sample using HtmlViewer now correctly supports authentication methods where a site requires a login, and has an improved log window that no longer slows down display of complex pages. Angus

Unread content only seems to show the last message in any particular topic, rather than all the unread messages in the topic. So if that last message is irrelevant, you can miss important earlier messages. Angus

Perhaps a 10 year old version. Angus

TWSocket 5.31 goes back 11 years, but ReceiveFrom is essentially the same today. However it is no longer supported. ReceiveFrom is async and returns immediately, it is normally used for UDP only so you know where the data has come from. it is widely used today and does not cause applications to lock up. It sound like you have a continuous loop reading data without any error handling. Angus

Yes, I see the word video in very small letters buried in a line at the top of the screen, but I read these groups backwards from Unread Content, and you never mentioned you were posting a link to a video in the root post. That would have be sufficient for me to skip this thread, even less time to watch beginners how to program videos . My apologies for wasting your time by posting something useful for other developers. Angus

Quite correct, no reason to waste time following the links in this thread, but no-one suggested the proper way to get the Windows version, so I did., Or perhaps the thread title is wrong. Angus

Use RtlGetVersion instead of GetVersionExW which always gives the true operating system. function RtlGetVersion (var lpVersionInformation: TOSVERSIONINFOEXW): DWORD; stdcall; // Windows 2000 and later function RtlGetVersion; external 'ntdll.dll' name 'RtlGetVersion'; OsInfo: TOSVERSIONINFOEXW; RtlGetVersion (OsInfo) Unfortunately Microsoft has not provided any APIs to read the multiple different versions of Windows 10 or Windows Server 2016, so you need to read that from the registry: HCM\Software\Microsoft\Windows NT\CurrentVersion\ReleaseId which will return 1607, 1809 or something similar. \ProductName gives Windows 10 Enterprise or similar, although you work that out from APIs. Angus

The choice of using BCryptGenRandom is made at compile time by OpenSSL, so you need to build the binaries yourself for XP or find someone to do it. Windows XP is long out of support, ICS no longer supports it, although it probably still works, we certainly don't test it or care about it. Nor does Microsoft. No idea if bcrypt.dll works on XP, it is probably dependent on other new DLLs. Angus

How do I spell check a post? How do I search for old posts? Angus

USE_SSL is defined for the main ICS distribution, since most applications need it today. Angus

bcrypt.dll is only used if OpenSSL is compiled for Windows 7 or later, but I'm afraid that is how our binaries are built, since Windows XP is long out of support. You will need to keep using an older version of OpenSSL for Windows XP, or perhaps find binaries built by someone else for Windows XP. ICS will cease supporting OpenSSL older than 1.1.1 from the end of the year, when support ceases, allowing us to remove old redundant code. Angus

Where did you find that file, it was removed from the distributions 10 years ago when SSL become free? Angus

If the server is written correctly, it will run for weeks without hanging, despite unfriendly clients and internet issues, and my servers do exactly that. The most likely explanation for hanging is you are ignoring all client socket errors, and writing so much data that the local buffers overflow. Generally, ICS applications are written to send data within the OnDataSent event which is fired when the buffers have space for more data to send, look at the HTTP and FTP client components. There is a property BufferedByteCount that shows unsent data, but you generally don't need to use this when using OnDataSent to send the next block from your stream. Angus

The latest OpenSSL still lists several SRP ciphers, but they are shown as only supporting SHA1 and SSLv3, neither of which are allowed any longer with TLS, so no idea if they still work. You would need a custom OpenSSL implementation to allow the session password to be specified somewhere, SRP is rarely used. Angus

> Is there a way to know that the TRestOAuth component has updated the authorization token if autoupdate is set?  Use the OnOAuthNewToken event and illustrated in the sample application. Angus

The user made samples are 15 to 20 years old and few probably work with the latest version of ICS. You should really be looking at OverbyteIcsBinCliDemo.dpr in Samples\delphi\SocketDemos which is more up to date. But still does not use a stream. So perhaps look at a new sample OverbyteIcsIpStmLogTst.dpr in \Samples\delphi\sslinternet which does receive binary streams of unlimited size. Angus

SVN and the overnight zip are updated with a new version of TSslHttpRest heavily rewritten to be more user proof, also need changes to TSslHttpCli which was why it was originally written badly. But now the REST responses are available in both the OnRequestDone and OnRestRequestDone events. Angus

Your earlier changes are already in SVN and the overnight zip, with slight modification, I'll add this change next time. Strangely, I could not find any ICS client samples that test authentication, the BrowserDemo using HtmlViewer did not actually work despite putting up a login dialog box, which I have now fixed. But I've not got NTLM authentication working, sure I set it up many years ago on my IIS server, but can not remember how. Think it might need NT permissions set-up on restricted directories, but I'm hazy on this Angus

Not sure if François is still updating midware, there is nothing newer in SVN. I'll let him answer. Angus