SSL Issue


delphi : 10.3.3 , RO:

I use the indyHttpserver and IdServerIOHandlerSSLOpenSSL to setup the SSL.

I hit the NET::ERR_SSL_OBSOLETE_VERSION when using browser to access the server.

below is my IdServerIOHandlerSSLOpenSSL :

object IdServerIOHandlerSSLOpenSSL1: TIdServerIOHandlerSSLOpenSSL
SSLOptions.Method = sslvSSLv23
SSLOptions.SSLVersions = [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]
SSLOptions.Mode = sslmUnassigned
SSLOptions.VerifyMode = []
SSLOptions.VerifyDepth = 0
OnGetPassword = IdServerIOHandlerSSLOpenSSL1GetPassword
OnGetPasswordEx = IdServerIOHandlerSSLOpenSSL1GetPasswordEx
Left = 144
Top = 288

Please advise why have this issue and how to fix? Is it openssl dll version too old?



I fixed the issue by update the openssl dll to new version. However , I check the ssl setup by some checker.
It reported the PCI DSS and Apple ATS is not passed. How’s this usage and should I need to handle it?

as I need to provide ios APP and android to call the restapi function in my DA server.

Please advise.



AFAIR, Indy uses OpenSSL v1.0.2 that is outdated because OpenSSL v3 was released recently.

Socket channels (like TROHTTPServer) use OpenSSL v 1.1.1 and they can be updated for using OpenSSL v3.
see more at OpenSSL 3 thread