@clust3rsekt0r Which SSL versions does the server support? And which does your client support? Test the server with openssl s_client and try all the -tls* / -ssl switches. It may be the case that some don't accept ssl2/ssl3 anymore.
@rlebeau Did a test today cutting out the proxy server, which then passed. So it seems there's some issue with the proxy setup that doesn't matter with older Delphi code but is exposed with newer SNI code for reasons unknown. The following seems perhaps related: http://www.squid-cache.org/mail-archive/squid-users/201406/0335.html And further: http://wiki.squid-cache.org/Features/SslPeekAndSplice I'll follow this up with the network guys here... That said, is it possible to easily instruct Indy to disable the SNI support (or remove the header) to essentially revert to the older behaviour in the meantime?
@ByteJuggler Unfortunately no. SNI usage is hard-coded, so you would have to alter and recompile Indy to disable use of SNI. Indy does not initiate an SSL/TLS handshake until after a proxy has established a connection to the HTTPS server.
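
When diagnosing a proxy that behaves differently for SNI and non-SNI clients, it helps to confirm what a given ClientHello actually carries. The following is an added example, not part of the thread and not Indy code: it uses Python's standard `ssl` module to produce a ClientHello in memory (no network connection is made) and parses it for the `server_name` extension. The function names and the host name `example.com` are assumptions chosen for illustration.

```python
import ssl
import struct


def client_hello(hostname):
    """Build a ClientHello in memory; hostname=None produces one without SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if hostname is None:
        # wrap_bio() refuses check_hostname without a name. Nothing is
        # connected here; we only capture the first handshake flight.
        ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()


def sni_from_client_hello(data):
    """Return the SNI host name from a TLS ClientHello record, or None."""
    if len(data) < 43 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS handshake record holding a ClientHello")
    pos = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
    pos += 1 + data[pos]                                   # session id
    pos += 2 + int.from_bytes(data[pos:pos + 2], "big")    # cipher suites
    pos += 1 + data[pos]                                   # compression methods
    if pos + 2 > len(data):
        return None                                        # hello without extensions
    end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", data[pos:pos + 4])
        body = data[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:                                  # server_name extension
            # body: list length (2), name type (1), name length (2), name
            name_len = int.from_bytes(body[3:5], "big")
            return body[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None


if __name__ == "__main__":
    for host in ("example.com", None):                     # constructed sample inputs
        print(host, "->", sni_from_client_hello(client_hello(host)))
```

The same parser can be pointed at the first client record from a packet capture taken on either side of the proxy to compare what each hop sees.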