Dual HTTP/HTTPs server

obones · January 10, 2024, 1:52pm

Hello,

I currently have a running server with a TROSynapseSuperHTTPServer instance serving clients using TROSynapseSuperHTTPChannel all of this with an AES envelope on a binary message.
I have been asked to add the possibility to configure the server so that it may optionally use a file based SSL certificate while keeping the following capabilities:

BindV4: true
BindV6: true
MinSizeForGZipEncoding: 1
ServerInfoPage: false
ServeRODL: false

There is no need for older clients to be able to talk to a SSL enabled client as this would pose a security risk.

Looking around here, there were messages saying that the Synapse based classes do not support SSL, but they all date back a few years and things may have changed since then. In particular, I see that there is a file called ssl_openssl.pas that hints at “transparent” support when the appropriate OpenSLL DLLs are distributed alongside the application binary.

Thanks for any suggestion

EvgenyK · January 11, 2024, 9:01am

Hi,

Synapse library was unchanged for several years but I see it was changed recently and they have added OpenSSL v3 support.

I’ll review their changes and update shipped version to the latest revision.

as a workaround, I can suggest to use TROSuperHTTPServer and TROSuperHTTPChannel that supports SSL.

this article can be useful for you - SSL/TLS (Delphi)

RemObjectsSoftware · January 11, 2024, 9:02am

Logged as bugs://D19414.

obones · January 11, 2024, 9:23am

Thanks for that.

Do you know if the channel handles the 301 permanent return code?
This way I could have a dummy server listen on the original port that replies with that 301 redirect and get clients to automatically use HTTPs if configured to do so.

EvgenyK · January 11, 2024, 9:35am

Hi,

my bad - we have only server-side (TROSuperHTTPServer) and no client-side.

client-side can be

TROGrijjySuperHttpChannel
TROIndySuperHttpChannel
TROSynapseSuperHttpChannel

RemObjectsSoftware · January 11, 2024, 2:53pm

bugs://D19414 was closed as fixed.

EvgenyK · January 11, 2024, 2:57pm

Hi,

latest Synapse snapshot

I’ve tested it with OpenSSL v3 unit (ssl_openssl3.pas).

client channels work as expected
TROSynapseSuperTCPServer supports SSL.
TROSynapseHTTPServer and TROSynapseSuperHTTPServer don’t support SSL

obones · January 12, 2024, 7:59am

Thanks for this, I’ll see what I can come up with

obones · January 22, 2024, 2:40pm

It works quite well indeed.
Any idea if this update will be included in a future version of the SDK?

EvgenyK · January 22, 2024, 3:18pm

Hi,

already included into .1581

obones · January 29, 2024, 10:39am

I believe there was an issue in packaging the latest snapshot as I can’t see the ssl_openssl3.pas source file along with a few other new files in the Synapse folder.
The prexisting files have been updated just fine but there are at least 6 new files:

Crypt32.pas
ssl_openssl11.pas
ssl_openssl11_lib.pas
ssl_openssl3.pas
ssl_openssl3_lib.pas
ssl_openssl_capi.pas

Did I miss something here? Or should I wait for a later package?

EvgenyK · January 29, 2024, 10:57am

Hi,

Thx for report.
fixed.

I’ve attached Synapse folder:
Synapse.zip (401.4 KB)