Forum > Networking and Web Programming
OpenSSL 3.0 vs Indy's 1.0.2 + Generating .CSR + HTTPS
PizzaProgram:
Hi,
If I look at the Official OpenSSL page, I see that version 1.0.2 is out of support, and 1.1.1 is the minimum, while 3.0.2 is the current recommended: https://www.openssl.org/source/
Most of the sites providing 3.0.2 binaries: https://wiki.openssl.org/index.php/Binaries
But if I check Indy's site, there is only 1.0.2 available: https://indy.fulgan.com/SSL/
- Does anyone know what's going on here?
- Is there a way to use HTTPS connections or generate .CSR files using up to date version of OpenSSL ?
(I wonder why isn't there a topic about this already, while it is a very important part of our modern world... :o )
Bi0T1N:
--- Quote from: PizzaProgram on April 10, 2022, 03:15:32 am ---But if I check Indy's site, there is only 1.0.2 available: https://indy.fulgan.com/SSL/
- Does anyone know what's going on here?
--- End quote ---
Officially Indy only supports OpenSSL 1.0.2 - see here for the reason. However, there is a PR on Github that provides support for OpenSSL 1.1.1.
PizzaProgram:
Thank you very much for the links! I've red them all.
It seems a stable, widely tested TLS 1.3 won't go into production any soon. :(
Indy is not even at SSL 1.1.1, while this version will be already deprecated after 2023-09-11 (y-m-d).
I really need to create a DLL now, that will support safe connection to a government server for 5-10+ years using a special 4096 RSA signed key.
So the big question is:
- What other library is there available instead of Indy?
I've red somewhere that "the most secure (error free) version" of OpenSSL is currently this:
https://github.com/rustls/rustls
But it does not support:
* Compression.
* Automatic protocol version downgrade.So it does not seem to be the best choise.
I accept any advice what should I do to quickly solve this and start to work while only 30 days left to implement 1000+ things. (It's a new law in our country).
OFF:
I really would like to avoid switching to C# + VS2017 + .NET like all my pascal friends did 15 years ago.
PizzaProgram:
I have found this library, supporting OpenSSL 3.0.2 ! :)
http://wiki.overbyte.eu/wiki/index.php/ICS_Download
Theoratically it can be used with FreePascal too:
www.stack.nl/~marcov/ics.html
SymbolicFrank:
There's also Synapse, but I would use fphttpclient for something new. There are more. Then again, the main stumbling block tends to be RSA. I cannot help with that.
Navigation
[0] Message Index
[#] Next page