These are chat archives for IndySockets/Indy

5th
Jul 2016
Nick Hodges
@NickHodges_twitter
Jul 05 2016 20:34
Hey.
I have an Indy question if I may.
If you set the SSL version to SSLv12, will it automatically allow for downgrades to 1.1 and 1.0?
Or do you have to include those values in the set if you want them included?
Nick Hodges
@NickHodges_twitter
Jul 05 2016 20:50
The reason I ask is that I'm seeing some strange behavior with regard to the SSLOptions.Methods property.
Remy Lebeau
@rlebeau
Jul 05 2016 22:13
Hi Nick. There is no SSLv12, I assume you mean sslvTLS1_2. instead. No, enabling TLS 1.1 by itself will not perform a downgrade, you need to enable the other versions in the Set.
Use SSLOptions.SSLVersions to enable desired versions, the SSLOptions.Method will be updated accordingly (and vice versa). When multiple versions are enabled, the ssl23 method is used so version negotiation can be performed with the peer dynamically.
Remy Lebeau
@rlebeau
Jul 05 2016 22:24
what kind of behavior are you seeing?