Indy 10 and sslvTLSv1_2

问题

I have a website I post to that currently supports TLS v1.1 and TLS 1.2. They will soon only allow TLS ver 1.2 connections. I upgraded Delphi 5 to Indy 10 for this reason.

Currently, I create my components in code and everything works great running 3 threads at a time:

HTTp := TIdHttp.Create(nil);
      HTTP.OnSelectAuthorization := HTTPSelectAuthorization;
      HTTP.HTTPOptions := [hoInProcessAuth,hoForceEncodeParams,hoKeepOrigProtocol];

      HTTP.OnStatus := HTTPStatus;
      HTTP.OnWorkEnd := HTTPWorkEnd;
      HTTP.Request.ContentType := 'application/x-www-form-urlencoded';
      HTTP.ProxyParams.ProxyPort := ProxyPort;
      HTTP.ProxyParams.ProxyUsername := ProxyUserName;
      HTTP.ProxyParams.ProxyPassword := ProxyPassword;
      HTTP.ProxyParams.BasicAuthentication := ProxyBasicAuth;
    end;

    If UseSSL and (SSL = nil) then
    Begin
      SSL := TIDSSLIOHandlerSocketOpenSSL.Create(nil);
      SSL.SSLOptions.Mode := sslmClient;
      SSL.OnGetPassword := SSLGetPassword;
      SSL.SSLOptions.Method := sslvTLSv1_2;
      HTTP.IOHandler := SSL;
    end;

Is there an event that I would tell me exactly what TLS version I am current actually connecting with when sending a post? I don't want there to be a surprise when they finally stop accepting TLS v1.1 connections.

Thanks.

回答1:

There is no event specifically for that purpose. You would have to query the underlying SSL object directly, such as in the OnStatus event, using the SSL_get_version() function.

However, you are setting the Method to TLS 1.2 exclusively, so that is all Indy will use (as long as you use a version of OpenSSL that supports 1.2, otherwise Indy will silently fallback to 1.0).

On a side note, your UseSSL if block should look more like this:

If UseSSL then
Begin
  If (SSL = nil) then
  Begin
    SSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
    SSL.SSLOptions.Mode := sslmClient;
    SSL.OnGetPassword := SSLGetPassword;
    SSL.SSLOptions.Method := sslvTLSv1_2;
  End;
  HTTP.IOHandler := SSL;
end;

回答2:

Here is an example how you can get info about SSL version. (may need some update as I don't use latest Indy)

Declaration

  procedure IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
    const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
    AMsg: string);

Assign

SSL.OnStatusInfoEx:=IdSSLIOHandlerSocketOpenSSLStatusInfoEx;

Usage

procedure THttpThread.IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
  const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
  AMsg: string);
begin
  if AsslSocket.version = TLS1_VERSION then
    ...
end;

来源：https://stackoverflow.com/questions/39535585/indy-10-and-sslvtlsv1-2