
Thread: TIdServerIOHandlerSSLOpenSSL cipher list



Replies: 1 - Last Post: Mar 24, 2018 1:44 AM - Last Post By: Pramod Nair
Pramod Nair

Posts: 105
Registered: 5/21/06
  Posted: Mar 23, 2018 4:52 AM
We have one standalone HTTPS DataSnap REST web application server, and here is the code I am using for the SSL configuration:

LIOHandleSSL := TIdServerIOHandlerSSLOpenSSL.Create(FServer);
LIOHandleSSL.SSLOptions.Method := sslvTLSv1_2;
LIOHandleSSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
LIOHandleSSL.SSLOptions.CertFile := IncludeTrailingBackSlash(extractfilepath(Application.exename)) + 'Cert.pem';
LIOHandleSSL.SSLOptions.RootCertFile := IncludeTrailingBackSlash(extractfilepath(Application.exename)) + 'root.pem';
LIOHandleSSL.SSLOptions.KeyFile := IncludeTrailingBackSlash(extractfilepath(Application.exename)) + 'key.pem';
LIOHandleSSL.OnGetPassword := OnGetSSLPassword;
FServer.IOHandler := LIOHandleSSL;

Here a few of the ciphers in the default list are weak and I want to exclude those. How can I do that? When I assign a new cipher list like below, I get a "setcipher failed" error:
LIOHandleSSL.SSLOptions.CipherList := 'ECDHE-RSA-AES256-GCM-SHA384';

If I use the cipher ECDHE-RSA-AES256-SHA then I do not get any error, but it is not visible when I test it through a cipher test tool (nmap).
Pramod Nair

Posts: 105
Registered: 5/21/06
Re: TIdServerIOHandlerSSLOpenSSL cipher list
  Posted: Mar 24, 2018 1:44 AM   in response to: Pramod Nair
I fixed it by adding the below cipher:

RSA:!COMPLEMENTOFALL!DES!3DES!RC4

Pramod Nair wrote:
We have one standalone HTTPS DataSnap REST web application server, and here is the code I am using for the SSL configuration:

LIOHandleSSL := TIdServerIOHandlerSSLOpenSSL.Create(FServer);
LIOHandleSSL.SSLOptions.Method := sslvTLSv1_2;
LIOHandleSSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
LIOHandleSSL.SSLOptions.CertFile := IncludeTrailingBackSlash(extractfilepath(Application.exename)) + 'Cert.pem';
LIOHandleSSL.SSLOptions.RootCertFile := IncludeTrailingBackSlash(extractfilepath(Application.exename)) + 'root.pem';
LIOHandleSSL.SSLOptions.KeyFile := IncludeTrailingBackSlash(extractfilepath(Application.exename)) + 'key.pem';
LIOHandleSSL.OnGetPassword := OnGetSSLPassword;
FServer.IOHandler := LIOHandleSSL;

Here a few of the ciphers in the default list are weak and I want to exclude those. How can I do that? When I assign a new cipher list like below, I get a "setcipher failed" error:
LIOHandleSSL.SSLOptions.CipherList := 'ECDHE-RSA-AES256-GCM-SHA384';

If I use the cipher ECDHE-RSA-AES256-SHA then I do not get any error, but it is not visible when I test it through a cipher test tool (nmap).
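
An added example, not part of the thread or of Indy: a Python check of what an OpenSSL cipher string expands to before it is assigned to CipherList, flagging suites without forward secrecy or AEAD. The helper names expand and review are hypothetical, and the result reflects the OpenSSL build Python is linked against, which may differ from the OpenSSL libraries the Delphi server loads.

```python
import ssl

def expand(cipher_string):
    """Return the TLS 1.2-and-below suites the linked OpenSSL selects for
    cipher_string, or [] when the library rejects the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL could not select a single suite for this string.
        return []
    # TLS 1.3 suites are configured separately and are always listed; skip them.
    return [c for c in ctx.get_ciphers() if c.get("protocol") != "TLSv1.3"]

def review(cipher_string):
    """Map each selected suite name to a list of concerns (empty list = none)."""
    findings = {}
    for c in expand(cipher_string):
        notes = []
        if not str(c.get("kea", "")).startswith(("kx-ecdhe", "kx-dhe")):
            notes.append("no forward secrecy")
        if not c.get("aead"):
            notes.append("not AEAD")
        if c.get("strength_bits", 0) < 128:
            notes.append("under 128-bit strength")
        findings[c["name"]] = notes
    return findings

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    # Cipher strings quoted in the thread, plus one constructed invalid name.
    for s in ("ECDHE-RSA-AES256-GCM-SHA384",
              "ECDHE-RSA-AES256-SHA",
              "RSA:!COMPLEMENTOFALL!DES!3DES!RC4",
              "NO-SUCH-CIPHER"):
        result = review(s)
        print(s, "->", result if result else "rejected: no suite selected")
```

Running the same strings against the OpenSSL version actually deployed with the server shows which names that build knows and which suites a broad string such as the RSA one really enables.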