Angus Robertson 526 Posted February 5 OpenSSL has released new versions of the three active versions, 3.2.1, 3.1.5 and 3.0.13 which have three low priority security fixes. Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp In addition to the three DLL files, the zips include compiled RES resource files that contain the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately. ICS V9.1 and later optionally support loading the resource file, currently in SVN and the overnight zip. Beware V9.1 has a lot of other changes that may need application changes, please read the SVN change log very carefully. There will be a lot of new documentation about V9.1 over the next two weeks. Separately, YuOpenSSL has released 3.0.13 as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus 3 1 Share this post Link to post
PizzaProgram 9 Posted March 22 I've searched 2 hours long for an answer: - What is the main difference between OpenSSL 3.0.x / 3.1.x / 3.2.x / 3.3.x ? Here is what I've found: The main difference is the support time vs. speed issues vs. new features. 3.0 was reported to be slow, but it will get the longest support (LTS): 2026-09-07 3.1 is a "middle solution", much faster but shorter support: 2025-03-14 3.2 is currently the recommended version, (but it has shorter support time than the LTS): 2025-11-23 1.1.1, 1.1.0, 1.0.2, 1.0.0 and 0.9.8 are now out of support and should not be used 3.3 is only at alpha state yet. 1 Share this post Link to post
Angus Robertson 526 Posted March 22 Quote What is the main difference between OpenSSL 3.0.x / 3.1.x / 3.2.x / 3.3.x Short answer, no difference as far as ICS is concerned. ICS does not use any of the new features in 3.1, 3.2 or 3.3, yet. Long answer, OpenSSL is adding new features for each release, 3,1 was minor stuff, 3.2 was QUIC for HTTP/3 clients, 3.3 has just entered alpha testing and adds QUIC for HTTP/3 servers. Not sure if ICS needs to support QUIC and HTTP/3 (or HTTP/2), the only benefit is performance primarily when displaying complex web pages with hundreds of elements, and ICS is primarily used for APIs, not creating web browsers. HTTP/2 is half way to HTTP/3 (compressed headers) and there is an Indy implementation using a DLL, but hear very little about it, not sure if Delphi users need it? I've vaguely thought about a proper Delphi HTTP/2 implementation, but it's a lot of work for no visible benefit, just small performance improvement. There is are some OpenSSL 3.2 features I may look at, but no rush. My own servers are still using 3.0. But ICS offers all the currently supported versions. 3.1 and 3.2 will disappear before 3.0, once the next long term support release comes out. Angus Share this post Link to post
Angus Robertson 526 Posted April 15 On 3/22/2024 at 9:17 AM, Angus Robertson said: 3.3 has just entered alpha testing and adds QUIC for HTTP/3 servers. Correction, OpenSSL 3.3 was released last week and does not add QUIC for servers, that is scheduled for OpenSSL 3.4 due in October 2024. https://github.com/orgs/openssl/projects/11/views/3 OpenSSL 3.3 for Windows will be released later this week with ICS V9.2 beta. But there are no new features particularly relevant to ICS. Angus 1 Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
