TLS1_3 support needed

The latest servers from Amazon require support for TLS1.3 and I cannot see any support from Indy yet on this protocol. I can connect with openssl version 3 but not Indy 10… whatever
Does anyone know an alternative component with TLS1.3 support for simple HTTPS Get and Post?
PS I am assuming this is he current version on Indy components: GitHub - IndySockets/Indy: Indy - Internet Direct

I think Indy might just use open ssl under the hood so you would probably just need a version of openssl dll that supports the requirement. If the Indy wrapper doesn’t limit the maximum TLS version then you might be lucky. I’m sure you could hack the Pascal unit to support it if its old.

Are you using the latest Indy?

The latest Indy still only has these versions/methods:
TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2);

The latest openssl does not use these libs at all.

SSL_DLL_name = ‘ssleay32.dll’; {Do not localize}

SSL_DLL_name_alt = ‘libssl32.dll’; {Do not localize}

Alan McDonald


Sounds like Indy needs some work and a volunteer contribution :wink:

There is also secure black box from /nsoftware. That’s a native Delphi tls implementation which includes TLS 1.3. For a price. Probably overkill depending on your needs.

Thanks Jared, there’s also Devart and Clever Components but all a bit overkill for a simple (at the moment) get and post … Not worth $1,000

The RTL probably has the solution you need. System.Net.HttpClient - RAD Studio API Documentation (

Maybe – but I’m stuck in XE5 for this case.

So, it looks like Devart SecureBridge for $100 is the way to go here. I’ll trial and it and see.

Alan McDonald


I believe what you are referencing is this TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints | AWS Security Blog
Indy supports tls 1.2. I believe there is a few different development branches in the Indy repository for tls 1.3 support. One uses a openslll and another uses the schannel library in windows.

If you use TNetHTTP included with recent versions of Delphi, the page below has details on enabling tls 1.3

Would ICS be of any help?
It has been updated to support OpenSSL up to 3.0.3.

If you’re stuck on XE5 and just developing for windows only then maybe just write your own code to use WinInet, it is pretty straight forward. The System.Net.HttpClient just uses wraps windows api stuff anyway.

HTTP Sessions - Win32 apps | Microsoft Docs

Thanks for the suggestions.

I just tried the SecureBridge from Devart and it works perfectly – no work to do and not that expensive.

3 lines of code.

Alan McDonald


1 Like