问题
I have a website I post to that currently supports TLS v1.1 and TLS 1.2. They will soon only allow TLS ver 1.2 connections. I upgraded Delphi 5 to Indy 10 for this reason.
Currently, I create my components in code and everything works great running 3 threads at a time:
HTTp := TIdHttp.Create(nil);
HTTP.OnSelectAuthorization := HTTPSelectAuthorization;
HTTP.HTTPOptions := [hoInProcessAuth,hoForceEncodeParams,hoKeepOrigProtocol];
HTTP.OnStatus := HTTPStatus;
HTTP.OnWorkEnd := HTTPWorkEnd;
HTTP.Request.ContentType := 'application/x-www-form-urlencoded';
HTTP.ProxyParams.ProxyPort := ProxyPort;
HTTP.ProxyParams.ProxyUsername := ProxyUserName;
HTTP.ProxyParams.ProxyPassword := ProxyPassword;
HTTP.ProxyParams.BasicAuthentication := ProxyBasicAuth;
end;
If UseSSL and (SSL = nil) then
Begin
SSL := TIDSSLIOHandlerSocketOpenSSL.Create(nil);
SSL.SSLOptions.Mode := sslmClient;
SSL.OnGetPassword := SSLGetPassword;
SSL.SSLOptions.Method := sslvTLSv1_2;
HTTP.IOHandler := SSL;
end;
Is there an event that I would tell me exactly what TLS version I am current actually connecting with when sending a post? I don't want there to be a surprise when they finally stop accepting TLS v1.1 connections.
Thanks.
回答1:
There is no event specifically for that purpose. You would have to query the underlying SSL object directly, such as in the OnStatus
event, using the SSL_get_version() function.
However, you are setting the Method
to TLS 1.2 exclusively, so that is all Indy will use (as long as you use a version of OpenSSL that supports 1.2, otherwise Indy will silently fallback to 1.0).
On a side note, your UseSSL
if block should look more like this:
If UseSSL then
Begin
If (SSL = nil) then
Begin
SSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
SSL.SSLOptions.Mode := sslmClient;
SSL.OnGetPassword := SSLGetPassword;
SSL.SSLOptions.Method := sslvTLSv1_2;
End;
HTTP.IOHandler := SSL;
end;
回答2:
Here is an example how you can get info about SSL version. (may need some update as I don't use latest Indy)
Declaration
procedure IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
AMsg: string);
Assign
SSL.OnStatusInfoEx:=IdSSLIOHandlerSocketOpenSSLStatusInfoEx;
Usage
procedure THttpThread.IdSSLIOHandlerSocketOpenSSLStatusInfoEx(ASender: TObject;
const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType,
AMsg: string);
begin
if AsslSocket.version = TLS1_VERSION then
...
end;
来源:https://stackoverflow.com/questions/39535585/indy-10-and-sslvtlsv1-2