Indy TCPServer/TCPClient
#2
(05-03-2018, 02:44 PM)wzehntner Wrote: We are now planning to change this Client-Server model to use SSL encryption (a server certificate does exist).

Can you please point me to some sample code for how to implement SSL on the server and on the client side?

There is really not much to it.

On the server side:
  • Assign a TIdServerIOHandlerSSLBase-derived component, such as TIdServerIOHandlerSSLOpenSSL, to the TIdTCPServer.IOHandler property before activating the server, and configure the IOHandler as needed (certificate, etc).  If you do use OpenSSL, deploy the two OpenSSL library binaries, libeay32 and ssleay32, with your server app.

  • When you are ready to begin listening for an SSL/TLS handshake from the client, either in the TIdTCPServer.OnConnect or TIdTCPServer.OnExecute event, typecast the client's IOHandler property to TIdSSLIOHandlerSocketBase and set its PassThrough property to false:

    Code:
    TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := False;

    If you set the PassThrough to false at the top of the OnConnect event, the handshake will be performed immediately upon the client connecting to the server, before any other data is exchanged.

    If you set the PassThrough to false in the middle of the OnConnect event, or in the OnExecute event, that gives the client the opportunity to exchange commands and responses unencrypted as before, and then explicitly request permission to perform an SSL/TLS handshake before actually performing it.  This is useful when you need to continue supporting older clients that do not use SSL/TLS encryption.

On the client side:
  • Assign a TIdSSLIOHandlerSocketBase-derived component, such as TIdSSLIOHandlerSocketOpenSSL, to the TIdTCPClient.IOHandler property.  If you do use OpenSSL, deploy the two OpenSSL library binaries, libeay32 and ssleay32, with your client app.

  • When you are ready to initiate an SSL/TLS handshake with the server, set the IOHandler's PassThrough property to false:

    Code:
    TIdSSLIOHandlerSocketBase(IdTCPClient1.IOHandler).PassThrough := False;

    If you set the PassThrough to false before calling TIdTCPClient.Connect(), the handshake will be performed immediately upon the client connecting to the server, before any other data is exchanged.

    If you set the PassThrough to false after calling TIdTCPClient.Connect(), that gives the client the opportunity to exchange commands and responses unencrypted as before, and then explicitly request permission to perform an SSL/TLS handshake before actually performing it.  This is useful when you need to continue supporting older servers that do not use SSL/TLS encryption.

Reply
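The opt-in upgrade described in the post above, seen from the server side, as an added example that is not part of the original post or of Indy's own demos: the server keeps accepting plaintext connections but honours only an upgrade request until PassThrough has been set to False. Assumptions: the STARTTLS/OK/ERR command names, port 6000, the file names server.crt and server.key (unencrypted key), and an Indy 10 build whose TIdSSLVersion includes sslvTLSv1_2; the matching client sends STARTTLS, waits for OK, then sets its own PassThrough to False.

```delphi
program TlsUpgradeServer;  // added example, not code from the thread
{$APPTYPE CONSOLE}
// Assumed names: STARTTLS/OK/ERR commands, port 6000, server.crt, server.key.
uses
  SysUtils, IdContext, IdTCPServer, IdSSL, IdSSLOpenSSL;

type
  THandlers = class
    procedure Execute(AContext: TIdContext);
  end;

// Called repeatedly per connection. While the link is still plaintext,
// the only command honoured is the upgrade request.
procedure THandlers.Execute(AContext: TIdContext);
var
  IO: TIdSSLIOHandlerSocketBase;
  Cmd: string;
begin
  IO := TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler);
  Cmd := IO.ReadLn;
  if not IO.PassThrough then
    IO.WriteLn('ECHO ' + Cmd)        // handshake already done: encrypted traffic
  else if SameText(Cmd, 'STARTTLS') then
  begin
    IO.WriteLn('OK');                // last plaintext line sent by the server
    IO.PassThrough := False;         // server side of the handshake runs here
  end
  else
  begin
    IO.WriteLn('ERR TLS required');  // no application data in the clear
    AContext.Connection.Disconnect;
  end;
end;

var
  H: THandlers;
  Srv: TIdTCPServer;
  SSL: TIdServerIOHandlerSSLOpenSSL;
begin
  H := THandlers.Create;
  Srv := TIdTCPServer.Create(nil);
  SSL := TIdServerIOHandlerSSLOpenSSL.Create(Srv);
  SSL.SSLOptions.CertFile := 'server.crt';
  SSL.SSLOptions.KeyFile := 'server.key';
  SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];  // refuse older protocol versions
  Srv.IOHandler := SSL;                         // assign before activating
  Srv.DefaultPort := 6000;
  Srv.OnExecute := H.Execute;
  Srv.Active := True;
  Readln;                                       // serve until Enter is pressed
end.
```

Older clients that never send the upgrade request are disconnected by this policy; moving the PassThrough assignment to the top of OnConnect instead gives the handshake-on-connect behaviour the post describes.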


Messages In This Thread
Indy TCPServer/TCPClient - by wzehntner - 05-03-2018, 02:44 PM
RE: Indy TCPServer/TCPClient - by rlebeau - 05-03-2018, 07:32 PM
RE: Indy TCPServer/TCPClient - by wzehntner - 05-04-2018, 08:53 AM
RE: Indy TCPServer/TCPClient - by rlebeau - 05-07-2018, 06:30 PM
RE: Indy TCPServer/TCPClient - by wzehntner - 05-14-2018, 07:11 AM
RE: Indy TCPServer/TCPClient - by rlebeau - 05-14-2018, 06:27 PM
RE: Indy TCPServer/TCPClient - by wzehntner - 05-17-2018, 08:21 AM
RE: Indy TCPServer/TCPClient - by rlebeau - 05-17-2018, 06:48 PM
RE: Indy TCPServer/TCPClient - by morhous - 05-14-2018, 07:58 AM
RE: Indy TCPServer/TCPClient - by kudzu - 05-14-2018, 02:22 PM
