Angus Robertson

New OpenSSL release 3.2.0, and new resource files linked by ICS


OpenSSL has released new minor version 3.2.0, which has a lot of new features.  It is compatible with the current versions of ICS, but has only been tested briefly with clients; it needs at least a week of testing with servers before I'm comfortable adding the DLLs to ICS as the defaults.

 

The major change in 3.2.0 is support for client side QUIC protocol. QUIC is based on UDP rather than TCP and allows multiple streams in parallel, typically for downloading web pages with hundreds of elements. QUIC combined with HTTP/2 becomes HTTP/3.  There is a DLL solution that has been used to add HTTP/2 to Indy but no native Delphi implementation I'm aware of; it's a lot of work. So no possibility of ICS having HTTP/3 soon.

 

Other changes in 3.2.0 include:
  • Certificate compression in TLS, including support for zlib, zstd and Brotli.
  • Deterministic ECDSA.
  • Support for Ed25519ctx, Ed25519ph and Ed448ph.
  • AES-GCM-SIV.
  • Argon2 and supporting thread pool functionality.
  • Hybrid Public Key Encryption (HPKE).
  • The ability to use raw public keys in TLS.
  • Support for Brainpool curves in TLS 1.3.
  • SM4-XTS.
  • Support for using the Windows system certificate store as a source of trusted root certificates.

 

Some of the above cipher and hash changes may be used by TLS connections without change to ICS, if negotiated with the other end, but certificate-related changes will need updates to ICS.

 

Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp

 

In addition to the three DLL files, the zip includes a compiled RES resource file that contains the same DLLs, text files and version information; see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately.

 

ICS V9.1 and later optionally support loading the resource file, currently in SVN and the overnight zip.

 

Angus

 
