Jump to content

Search the Community

Showing results for tags 'tsslhttpserver'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Delphi Questions and Answers
    • Algorithms, Data Structures and Class Design
    • VCL
    • FMX
    • RTL and Delphi Object Pascal
    • Databases
    • Network, Cloud and Web
    • Windows API
    • Cross-platform
    • Delphi IDE and APIs
    • General Help
    • Delphi Third-Party
  • C++Builder Questions and Answers
    • General Help
  • General Discussions
    • Embarcadero Lounge
    • Tips / Blogs / Tutorials / Videos
    • Job Opportunities / Coder for Hire
    • I made this
  • Software Development
    • Project Planning and -Management
    • Software Testing and Quality Assurance
  • Community
    • Community Management

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Delphi-Version

Found 1 result

  1. Dear ICS Team First of all, thank you very much for making this great package available. This is an immense effort! I am experimenting with ICS 9.2. I am supposed to program a TLS 1.3 connection between a server and a client program. This basically works. But our security department has required me to only allow certain ciphers and groups. I tried to fulfill this using the SslCipherList and SslCryptoGroups properties (TSslContext) and to test it with the OverbyteIcsSslWebServ example. Unfortunately, it only works partially. 1. Ciphers: in the 'New Ciphers' field I enter 'ECDHE-ECDSA-AES256-GCM-SHA384'. When starting ('Start HTTPS' button), only this one value is actually passed to OpenSSL. I can see this clearly in OverbyteIcsSslBase.pas, line 6675 (SSL_CTX_set_cipher_list). Here only the string 'ECDHE-ECDSA-AES256-GCM-SHA384' is passed to OpenSSL. However, after starting, the program window shows that the following four ciphers are used: TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, ECDHE-ECDSA-AES256-GCM-SHA384. According to our security department, I am not allowed to use the ciphers with CHACHA20. 2. Groups: TSslContext has a property SslCryptoGroups. I assume that this property is intended to specify the groups to use. However, I don't see any effect, no matter what value I specify here. Interestingly, I don't see any use of this property in the code (in OverbyteIcsSslBase.pas). I determined the ciphers and groups that are actually used using the test program sslscan-2.1.4. Please find attached the output of sslscan. Question: How can I exclude the CHACHA cipher and the ffdhe2048 group? Is this possible via ICS or do I have to control this somehow via an openssl configuration file? Thank you very much for the helpful information! sslscan-result.txt
×