The latest servers from Amazon require support for TLS1.3 and I cannot see any support from Indy yet on this protocol. I can connect with openssl version 3 but not Indy 10… whatever
Does anyone know an alternative component with TLS1.3 support for simple HTTPS Get and Post?
Alan
PS I am assuming this is he current version on Indy components: GitHub - IndySockets/Indy: Indy - Internet Direct
I think Indy might just use open ssl under the hood so you would probably just need a version of openssl dll that supports the requirement. If the Indy wrapper doesn’t limit the maximum TLS version then you might be lucky. I’m sure you could hack the Pascal unit to support it if its old.
Are you using the latest Indy?
The latest Indy still only has these versions/methods:
TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2);
The latest openssl does not use these libs at all.
SSL_DLL_name = ‘ssleay32.dll’; {Do not localize}
SSL_DLL_name_alt = ‘libssl32.dll’; {Do not localize}
Alan McDonald
Sounds like Indy needs some work and a volunteer contribution 
There is also secure black box from /nsoftware. That’s a native Delphi tls implementation which includes TLS 1.3. For a price. Probably overkill depending on your needs.
Thanks Jared, there’s also Devart and Clever Components but all a bit overkill for a simple (at the moment) get and post … Not worth $1,000
Alan
The RTL probably has the solution you need. System.Net.HttpClient - RAD Studio API Documentation (embarcadero.com)
Maybe – but I’m stuck in XE5 for this case.
So, it looks like Devart SecureBridge for $100 is the way to go here. I’ll trial and it and see.
Alan McDonald
I believe what you are referencing is this TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints | AWS Security Blog
Indy supports tls 1.2. I believe there is a few different development branches in the Indy repository for tls 1.3 support. One uses a openslll and another uses the schannel library in windows.
If you use TNetHTTP included with recent versions of Delphi, the page below has details on enabling tls 1.3
Would ICS be of any help?
It has been updated to support OpenSSL up to 3.0.3.
http://wiki.overbyte.eu/wiki/index.php/ICS_Download
If you’re stuck on XE5 and just developing for windows only then maybe just write your own code to use WinInet, it is pretty straight forward. The System.Net.HttpClient just uses wraps windows api stuff anyway.
Thanks for the suggestions.
I just tried the SecureBridge from Devart and it works perfectly – no work to do and not that expensive.
3 lines of code.
Alan McDonald
1 Like