AndreL 0 Posted May 23, 2023 Hi, FYI ,I updated from OpenSSL 1.1.1 (https://github.com/IndySockets/Indy/files/5029069/OpenSSL.zip) to OpenSSL 1.3 on windows 32bits I updated the following file: IdOpenSSLConsts.pas {$IFDEF WINDOWS} {$IFDEF CPU32_old}'libcrypto-1_1.dll'{$ENDIF} {$IFDEF CPU32}'libcrypto-3.dll'{$ENDIF} {$IFDEF CPU64}_old)'libcrypto-1_1-x64.dll'{$ENDIF} {$IFDEF CPU64}'libcrypto-3-x64.dll'{$ENDIF} {$ELSE} {$IFDEF WINDOWS} {$IFDEF CPU32_old}'libssl-1_1.dll'{$ENDIF} {$IFDEF CPU32}'libssl-3.dll'{$ENDIF} {$IFDEF CPU64_old}'libssl-1_1-x64.dll'{$ENDIF} {$IFDEF CPU64}'libssl-3-x64.dll'{$ENDIF} {$ELSE} Replacing libcrypto-1_1 and libssl-1_1 dlls by libcrypto-3 and libssl-3 in the application folder. NB: as libeay32.dll et ssleay32.dl are also removed, the call to OpenSSLVersion is returning an empty string. I don't know how to update this one. Application is running fine so far, including with TLS1.3 towards an Apache server. Share this post Link to post
Angus Robertson 577 Posted May 23, 2023 OpenSSL 3.0 and 3.1 are reasonably compatible with 1.1.1 for TLS, although a number of older algorithms have moved to legacy.dll which has to be loaded if you need MD5 and such stuff. SSL_get_peer_certificate is now SSL_get1_peer_certificate, and there are some other similar changes with 0 or 1 to make clear whether memory should be freed. 3.0 also added providers instead of engines and deprecated a large number of functions with better versions, but they still work for now. Angus Share this post Link to post
Remy Lebeau 1436 Posted May 23, 2023 6 hours ago, AndreL said: https://github.com/IndySockets/Indy/files/5029069/OpenSSL.zip That zipped code was submitted by another user on a comment to the open PR in Indy's repo. I don't think that code was every merged into the repo where the PR originates from: https://github.com/mezen/Indy/tree/NewOpenSSL_PR (see https://github.com/mezen/Indy/issues/12). Share this post Link to post