Indy Delphi 10.1 Berlin. My customer had the HTTPS connection checked (using Qualys SSL Labs). The report states: "This server supports SSL 2" plus other warnings but I guess they are related to this. The code used is as follows:
SSLIOhandler:=TIdServerIOHandlerSSLOpenSSL.Create(NIL);
SSLIOhandler.SSLOptions.Method:=sslvTLSv1_2;
SSLIOhandler.SSLOptions.Mode:=sslmServer;
SSLIOhandler.OnVerifyPeer:=OnVerifyPeer;
SSLIOhandler.SSLOptions.SSLVersions:=[sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
HTTPServer:=TIdHTTPServer.Create(NIL);
HTTPServer.IOhandler:=SSLIOhandler;
I have read various posts but this area remains pretty much abacadabra to me. I limited the SSLVersions to just [sslvTLSv1_2] but the warning remains. What else can I do?
Update: Sorry to waste time. The Qualys test site apparently did not reload. I've restarted and retested and indeed it no longer complains about SSL2.
Next step is to pass its complaints about the ciphers, starting with TLS_RSA_WITH_DES_CBC_SHA. I have a list of ciphers but can't find how to assign them. When I use e.g.
SSLOptions.CipherList:='TLS_RSA_WITH_3DES_EDE_CBC_SHA';
I get an error: "SetCipher failed".
来源:https://stackoverflow.com/questions/44727830/indy-server-supports-ssl-2-but-it-should-not