Jump to content

nSolvePaul

Members
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

0 Neutral
  1. Setting SslMinVersion sorted it - thank you
  2. A client reports that allow TLSv1.0 is a security issue. So I set my SslOptions accordingly: m_pSslContext->SslOptions = m_pSslContext->SslOptions << sslOpt_NO_SSLv2 << sslOpt_NO_SSLv3 << sslOpt_NO_TLSv1 << sslOpt_CIPHER_SERVER_PREFERENCE //When choosing a cipher, use the server's preferences instead of the client preferences. << sslOpt_SINGLE_DH_USE; //single DH needed for perfect forward secrecy However I'm still getting a TLSv1.0 connection (using 'openssl s_client -connect mywebsite.com:22017 -tls1') What is the correct manner to disable a TLSv1.0 connection (and any tips on how to prove I've disabled it please) Thanks
  3. Oops wrong unit: OverbyteIcsSslX509Utils.pas However I'll do as you suggest
  4. As it breaks precompiled headers in BCB 2007 ( I already have to replace ="" with =EmptyStr all over but while I can replace ="unknown" with =EmptyStr in the header I've no idea what this will do a runtime)
  5. { Next symbol enables automatic SSL/TLS ordering in SocketServer and other servers } { Unfortunately this adds a lot of other units, HTTPS REST, Json, OAuth2, etc } {$DEFINE AUTO_X509_CERTS} I wished to use the library without this functionality. However when I remove the AUTO_X509_CERTS the library no longer builds in Borland C++ 2007 instead I'm forced to leave it in and also I then need to link to: #pragma link "Crypt32.lib" #pragma link "Cryptui.lib" in my application.
  6. I can only test BCB 2007 I'm afraid
  7. {$HPPEMIT 'typedef HCRYPTPROV *PHCRYPTPROV'} {$HPPEMIT 'typedef HCRYPTKEY *PHCRYPTKEY'} {$HPPEMIT 'typedef HCRYPTHASH *PHCRYPTHASH'} {$HPPEMIT 'typedef PROV_ENUMALGS *PPROV_ENUMALGS'} {$HPPEMIT 'typedef PROV_ENUMALGS_EX *PPROV_ENUMALGS_EX'} {$HPPEMIT 'typedef PUBLICKEYSTRUC *PPUBLICKEYSTRUC'} {$HPPEMIT 'typedef RSAPUBKEY *PRSAPUBKEY'} {$HPPEMIT 'typedef DSSSEED *PDSSSEED'} {$HPPEMIT 'typedef PUBKEYVER3 *PPUBKEYVER3'} {$HPPEMIT 'typedef DHPRIVKEY_VER3 *PPRIVKEYVER3'} {$HPPEMIT 'typedef CERT_FORTEZZA_DATA_PROP *PCERT_FORTEZZA_DATA_PROP'} {$HPPEMIT 'typedef HCRYPTMSG *PHCRYPTMSG'} {$HPPEMIT 'typedef CMSG_RECIPIENT_ENCODE_INFO *PCMSG_RECIPIENT_ENCODE_INFO'} {$HPPEMIT 'typedef _CMSG_RECIPIENT_ENCODE_INFO CMSG_RECIPIENT_ENCODE_INFO'} {$HPPEMIT 'typedef PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *PPCMSG_KEY_AGREE_KEY_ENCRYPT_INFO'} {$HPPEMIT 'typedef HCERTSTORE *PHCERTSTORE'} {$HPPEMIT 'typedef PCCERT_CONTEXT *PPCCERT_CONTEXT'} {$HPPEMIT 'typedef PCCRL_CONTEXT *PPCCRL_CONTEXT'} {$HPPEMIT 'typedef PCERT_CHAIN_CONTEXT *PPCCERT_CHAIN_CONTEXT'} can you add a trailing ';' to these statements please {$HPPEMIT 'typedef HCRYPTPROV *PHCRYPTPROV;'} as Borland CBuilder 2007 needs them Thanks PS is this the correct manner to report bugs/code change requests?
  8. OverbyteIcsCryptUiApi.pas contains this line: {$HPPEMIT '#include <OverbyteIcscryptuiapi.h>'} but I can not find that file so I just comment it out. Is that a valid thing to do or am I missing something critical? (Note I've not got a working 8.58 build yet so the issue may resolve it self as once I have a working solution)
  9. Please can you remind me of the address to send my 'registration' postcard thanks
  10. We still use Borland C++ 2007, I've been maintaining a list of mods I have to do to get ICS to build and it is growing. Though I've got stuck on anything newer than ICS 8.47 - I'll start a new thread for that though. So please don't remove the old C++ files. I'll happily list my mods when I've a working set again
×