Using OpenSSL in Delphi webservice - available protocols and ciphers

Question

I\'m a bit confused about using OpenSSL in my Delphi webservice in relation to the available ciphers for a HTTPS connection.

Setup:

• My webservice runs

Answer 1

You can specify available ciphers via TIdServerIOHandlerSSLOpenSSL.SSLOptions.CipherList (as well as SSL/TLS versions via TIdServerIOHandlerSSLOpenSSL.SSLOptions.SSLVersions).

If you want Perfect Forward Secrecy, you has to create DHParam keys using openssl.exe (fill TIdServerIOHandlerSSLOpenSSL.SSLOptions.DHParamsFile by result file name). If you want not only DHE, but ECDHE ciphers you need to call some additional openssl api, see a Support for Perfect Forward Secrecy in SSL with indy 10 for example.