Forum > Networking and Web Programming

OpenSSL 3.0 vs Indy's 1.0.2 + Generating .CSR + HTTPS

(1/5) > >>

 If I look at the Official OpenSSL page, I see that version 1.0.2 is out of support, and 1.1.1 is the minimum, while 3.0.2 is the current recommended:
Most of the sites providing 3.0.2 binaries:

But if I check Indy's site, there is only 1.0.2 available:

- Does anyone know what's going on here?

- Is there a way to use HTTPS connections or generate .CSR files using up to date version of OpenSSL ?

(I wonder why isn't there a topic about this already, while it is a very important part of our modern world...  :o )


--- Quote from: PizzaProgram on April 10, 2022, 03:15:32 am ---But if I check Indy's site, there is only 1.0.2 available:

- Does anyone know what's going on here?

--- End quote ---

Officially Indy only supports OpenSSL 1.0.2 - see here for the reason. However, there is a PR on Github that provides support for OpenSSL 1.1.1.

Thank you very much for the links! I've red them all.
It seems a stable, widely tested TLS 1.3 won't go into production any soon.  :(
Indy is not even at SSL 1.1.1, while this version will be already deprecated after 2023-09-11 (y-m-d).

I really need to create a DLL now, that will support safe connection to a government server for 5-10+ years using a special 4096 RSA signed key.

So the big question is:
- What other library is there available instead of Indy?

I've red somewhere that "the most secure (error free) version" of OpenSSL is currently this:
But it does not support:

* Compression.
* Automatic protocol version downgrade.So it does not seem to be the best choise.

I accept any advice what should I do to quickly solve this and start to work while only 30 days left to implement 1000+ things. (It's a new law in our country).

I really would like to avoid switching to C# + VS2017 + .NET like all my pascal friends did 15 years ago.

I have found this library, supporting OpenSSL 3.0.2 !   :)

Theoratically it can be used with FreePascal too:

There's also Synapse, but I would use fphttpclient for something new. There are more. Then again, the main stumbling block tends to be RSA. I cannot help with that.


[0] Message Index

[#] Next page

Go to full version