:!DH: within the existing cipher list, I've just changed mine to: 'ALL:!ADH:!DH:RC4+RSA:+SSLv2:@STRENGTH' and now the latest OpenSSL 1.1.0e connects". You can use the TIdSSLIOHandlerSocketOpenSSL.SSLOptions.CipherList property for that.
OnVerifyPeer events, and set VerifyMode to [sslvrfPeer], but it is currently allowing connections when there is no client certificate. What have I done wrong / missed?
sslvrfPeer: A request for a client certificate will be sent to the client. The client may opt to ignore the request, but if a certificate is sent back, it will be verified.
sslvrfFailIfNoPeerCert: only used for server when sslvrfPeer is set. Use of this flag will cause the handshake to terminate immediately if no certificate is provided by the client.
sslvrfClientOnce: only used for server when sslvrfPeer is set. Use of this flag will prevent the server from requesting a certificate from the client in the case of renegotiation. A certificate will still be requested during the initial handshake.
VerifyMode to [sslvrfPeer, sslvrfFailIfNoPeerCert]
SSL_VERIFY_NONE is VerifyMode := [];
procedure TNetworkingModel.ConfigureUDPBindings(const AListener: TIdIPMCastClient);
var
  LHandle: TIdSocketHandle;
  I: Integer;
begin
  // Start from an empty binding list so stale bindings are not kept.
  AListener.Bindings.Clear;
  // Add one binding per local address, all on the listener's default port.
  for I := 0 to FLocalAddresses.Count - 1 do
  begin
    LHandle := AListener.Bindings.Add;
    LHandle.IPVersion := FLocalAddresses.Addresses[I].IPVersion;
    LHandle.IP := FLocalAddresses.Addresses[I].IPAddress;
    LHandle.Port := AListener.DefaultPort;
  end;
end;