Angus Robertson

TIcsFtpMulti uses TSslFtpClient, look at the log of commands it uses to see what it is doing that you missed in your application. Sorry, wrote it over 10 years ago although only recently added to ICS, can not remember the tricks it uses. If you want to keep it simple, FtpDownOneFile and FtpUpOneFile just do one file without any indexing. Angus

TWSocketServer is only for TCP, not UDP which does not have a concept of clients or connections. Change it to TWSocket. Not used multi casting for many years, but suspect that MultiCastAddrStr is for sending stuff, not receiving it. V8.60 added a new component TIcsIpStrmLog with a sample OverbyteIcsIpStmLogTst.dpr which has a logprotUdpServer mode that allows you to create a server with little code handling receiving data for you. Angus

Try using the new sample OverbyteIcsXferTst.dpr added in V8.60, it uses the new TIcsFtpMulti component that hides most of the FTP protocol from you, just allowing you to download or upload multiple files. Angus

Make sure you are using passive mode, necessary for SSL. I transfer hundreds of files a day using SSL FTP between my office and hosted servers, ICS tools at both ends. Angus

You also need to set the DebugLevel property to the level of logging required from THttpDebugLevel, DebugHdr in this case to get all the headers. Most applications don'r need a high level of logging. Angus

401 error is usually authentication failure, but since no proper headers are posted in this thread we can not comment on what authentication is being attempted. Perhaps the server is sufficiently clever to realise the requests have been intercepted and perhaps corrupted by a proxy, thus 401. The newish TSslHttpRest component has header and response logging built-in, and can be used instead of TSslHttpCli, just add the OnHttpRestProg event. Angus

Sorry, don't do C++. But I'm told by others the packages build OK with C++ 10.3, unless I've broken something recently. V8.62, not finished yet, has SSLX509Certs improvements including the new Acme SSL challenge. Angus

When the connection works fine bypassing the proxy, why do you think it's an ICS issue? What do you think ICS is doing differently or incorrectly for a proxy connection? Have you compared the headers IC S sends for proxy/non proxy? Sorry, don't have time this month to study extracts from dumps. Angus

Which component are you using? What sort of proxy settings in that component? Is this SSL or non-SSL? Have you asked for persistent connections? No idea where those screen dumps come from, but they are not useful for diagnostics without a lot more explanation. Angus

Define UseNTLMAuthentication is in OverbyteIcsHttpProt.pas. Angus

The SSPI stuff is only needed for NTLM authentication which the define UseNTLMAuthentication controls, so perhaps you had that disabled last time. Angus

From the OverbyteIcsSspi.pas unit: **If you compile with BCB personality define SECURITY_WIN32 in the project options** Angus

Windows applications are dependent on dozens of DLLs. We don't change stuff that works unless new functionality is needed or newer versions of Windows make something obsolete, which is fortunately very, very rare. But we have to change OpenSSL every couple of years because it's evolving with new standards and older versions are no longer supported. Angus

Why do you ask, what is your actual problem? The low level stuff has not changed in many years, it just works. Angus

This all came from the Mustangpeak SVN at svn://www.soft-gems.net/mustangpeak eight years ago, but that is all gone now. Dual license: // The contents of this file are subject to the Mozilla Public License // Version 1.1 (the "License"); you maynot use this file except in compliance // with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ // // Alternatively, you may redistribute this library, use and/or modify it under the terms of the // GNU Lesser General Public License as published by the Free Software Foundation; // either version 2.1 of the License, or (at your option) any later version. // You may obtain a copy of the LGPL at http://www.gnu.org/copyleft/. I don't really understand git, would be easier to upload all the Mustangpeak projects to my own public SVN server. Angus

Six new zips for Win32 and Win64 versions of OpenSSL 1.1.1c, 1.1.0k and 1.0.2s can now be downloadable from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . The DLLs are also included in the ICS distribution SVN and overnight zip. These releases are the six monthly updates of minor bug fixes, with no major security improvements. ICS applications require V8.57 or later to support OpenSSL 1.1.1c. Changes in 1.1.1c may be found at https://www.openssl.org/news/openssl-1.1.1-notes.html , 1.1.0k may be found at https://www.openssl.org/news/openssl-1.1.0-notes.html and 1.0.2s at https://www.openssl.org/news/openssl-1.0.2-notes.html Angus

> Now I'm at the step to improve the speed for the data transfer. I have tried to increase the ESP32 buffer size The ESP32 microcontroller is a small, very cheap device not designed for speed (it's used in mains smart plugs controlled by Alexa). From an ICS perspective do not mess with MTU or TCP settings, just make sure you have a static receive buffer of 64K or something from which you write to a file in chunks of that size. Memory files are not always a good idea, since they may come from paged memory. > I'm now wondering how to work at the BinCliDemo to receive the two clients simultaneously. Most ICS servers derive from TWSocketServer, where you put all your code into a client class and can handle hundreds of clients on the same port. If you really want clients on different ports, generally you need one server per port, although TWSocketServer will also listen on multiple ports such as 80 and 443 for HTTP and HTTPS. Look at the OverbyteIcsTcpSrvIPv6 sample which is the multi-client binary file transfer version that will work with your client. Angus

Sorry the limit of our FMX support is ensuring the components build and install as FMX libraries, and even that takes a lot of my precious unpaid time. The FMX samples have not been updated for several years. I personally only use VCL so am unable to devote any more time to FMX support, The developer that did all the cross platform and FMX work passed some years ago, and no-one has replaced him. Angus

Sorry, TWSocketThrdServer has never been supported by FMX, nor has it really been updated for a decade or more. It is probably little effort to add FMX support, but it is not often used since most ICS servers work fine without threads, It's only when you need several hundred simultaneous clients that threads become necessary, and then perhaps not one per client. Angus

For public servers, the best SSL test is https://www.ssllabs.com/ssltest/ which gives a long report on which protocols and ciphers are supported and recommends changes. With the ICS V8.60 and later, ICS servers should get an A+ rating providing you also have certain HTTP headers to block exploits. For private servers, you can use the latest ICS HTTPS client samples that allow disabling certain protocols and you can then try and connect to your server. The quickest way is to download the pre-build Browser demo application from http://wiki.overbyte.eu/arch/FrameBrowserIcs.zip which is a simple browser (no scripting) with extensive HTTP, HTML and SSL logging that allows you to set SSL Security to one of: SSLv3 Only TLSv1 Only TLSv1.1 Only TLSv1.2 Only TLSv1.3 Only TLSv1 or Better TLSv1.1 or Better TLSv1.2 or Better Backward Ciphers Intermediate Ciphers High Ciphers, 2048 keys High Ciphers, 3072 keys High Ciphers, 7680 keys In fact all ICS clients now have the same options in SslContext. Servers are more complicated, but again with V8.60 and later, you can set: SSLv3 Only Backward Ciphers, TLS1 or Later Intermediate Ciphers, TLS1.1 or Later Intermediate Ciphers FS, TLS1.1 or Later High 112 bit Ciphers, TLS1.2 or Later High 128 bit Ciphers, TLS1.2 or Later High 192 bit Ciphers, TLS1.2 or Later TLSv1.2 or Earlier TLSv1.3 Only provided your server is using IcsHosts. If not, V8.27 (two years ago) added SslContext properties SslMinVersion and SslMaxVersion which is what you should be using, not the old options. Angus

I have all the old source code, more interested if anyone has been updating it in the last 10 years or is still using UltraExplorer. Angus

The TMultipartFtpDownloader component does not support SSL, it uses TFtpClient instead of TSslFtpClient. Angus

You need to follow the C++ installation instructions in readme8. We only support C++ for 10.2 and 10.3. Angus

No other way to get the remote UDP address, since there is no connection. All UDP applications use ReceiveFrom, it has always worked. Suggest you upgrade to a modern supported version of ICS, but you will need to change your application, all the unit names changed 10 years ago. Angus

ICS V8.61 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1 win32, with other versions of OpenSSL being available from the download page. Changes in ICS V8.61 include: 1 - Added two new components using the new HTTPS REST component, which are both useful and illustrate how simply they can created, TIcsSms and TDnsQueryHttps, both in the OverbyteIcsSslHttpRest.pas unit with demos in OverbyteIcsHttpRestTst. 2 - The new TIcsSms component sends SMS text messages via an HTTP bureau, you will need an account. Initially supporting https://www.kapow.co.uk/ from where you set-up an account for £6.50 (about $9) which gives 100 message credits. Other similar bureaus can be added, provided there is an account for testing. The component has three methods, SendSMS sends an SMS to a mobile number and returns an ID, CheckSMS checks if the SMS with a specific ID has been delivered, pending or failed and CheckCredit returns remaining credit for the account. Messages longer than 140 characters should be sent as multiple messages, if supported by the network. 3 - The new TDnsQueryHttps component makes DNS queries over HTTPS (DOH), to ensure integrity and privacy from interception by ISPs or proxies. It includes a list of public DOH servers from Cloudfare, Google, Quad9 and others, and will make all common DNS queries, including all which does the seven most common queries together. The original TDnsQuery component has also been updated to support all the common queries and return them in using a single AnswerRecord array, rather than an array per query type, but remains backward compatible for existing queries. It now also returns alternate responses. Supports IPv6. The OverbyteIcsNsLookup sample uses TDnsQuery while the OverbyteIcsHttpRestTst sample uses TDnsQueryHttps. The latter sample also illustrates DNS over HTTPS using Json as a REST demo. 4 - Improved HTTP client and server NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified in code. 5 - Improvements in the HTTPS REST component to prevent TSslHttpCli events being overwritten by TSslHttpRest events. ResponseXX properties are now available in both OnRequestDone and OnRestRequestDone event handler. IcsHtmlToStr returns javascript content as well as XML and Json and does not ignore very short content. 6 - Improvements in the HTTP client, added more header response properties: RespDateDT, RespLastModDT, RespExpires and RespCacheControl. NoCache now sends Cache-Control: no-cache for HTTP/1.1. 7 - Fixed SSL certificate ValidateCertChain to check certificate start and expiry dates in UTC time instead of local time. Previously certificates issued in North America with UTC/GMT time stamps may have been seen as not yet valid. 8 - The FTP client now accepts badly formatted FEAT PROT responses. 9 - The Browser Demo sample using HtmlViewer now correctly supports authentication methods where a site requires a login, and has an improved log window that no longer slows down display of complex pages. Angus