02-06-2020, 06:44 PM
(This post was last modified: 02-06-2020, 06:56 PM by Craig Burke.)
(02-06-2020, 10:35 AM)jeroen.rottink Wrote: Hi Craig,Thanks Jeroen I will check it out!
The demo is quite old and configured for using SSLv3.
Open ServerController and change the property IWServerController.SSLOptions.SSLVersion to TLSv12. This is also the default for new created projects.
The eventhandler IWServerControllerBaseAfterCreateIOHandler can also be removed. Not needed. I am not even sure if it gets called.
After that the browser will still give you an error on validating the self-signed certificate. Create your own with one of many instructions on the internet.
Indy and Intraweb are not a problem to create a secure tls 1.2 connection between your application and the browser.
- Craig
(02-06-2020, 01:01 AM)rlebeau Wrote:Hi Remy,(02-05-2020, 04:45 PM)Craig Burke Wrote: Downloaded the OpenSSL dll's 1.02q
Why not the latest - 1.0.2.u?
(02-05-2020, 04:45 PM)Craig Burke Wrote: The question is what should I assign to the CipherList and or SSLVersions?
Leave the CipherList blank to use the DLL's default ciphers.
Set the SSLVersions to [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2] (or whatever the IntraWeb equivalent is). IntraWeb uses Indy, and by default Indy enables only sslvTLSv1 (TLS 1.0).
Ok, downloaded and using 1.0.2.u.
Any issues with allowing the client to define the CipherList via an .ini file?
Thanks,
-Craig