我在 Delphi 2010 中使用 OpenSSL 1.0.2o 和 Indy 10.6.2。
这是我到目前为止所做的:
// FormCreate handler: points the Indy OpenSSL server IOHandler at the
// certificate, key and DH parameter files located next to the executable,
// restricts it to TLS 1.2, sets the cipher list, attaches the handler to the
// server and activates it.
// NOTE(review): nothing in this procedure selects an ECDH curve on the
// underlying SSL_CTX. An OpenSSL 1.0.2 server does not negotiate ECDHE suites
// until a curve is configured (for example with SSL_CTX_set_ecdh_auto), which
// is presumably why the explicit ECDHE suite below is never chosen.
procedure TServerForm.FormCreate(Sender: TObject);
var
// LEcdh, FSslCtx, SSL and FSSLContext are declared but not used by any live
// statement below (FSSLContext appears only in the commented-out last line).
LEcdh: PEC_KEY;
FSslCtx: PSSL_CTX;
SSL: PSSL;
FSSLContext: TIdSSLContext;
begin
//mServer.Active := True;
FSingle:=TCriticalSection.Create;
// All PEM files are resolved relative to the directory of the executable.
// NOTE(review): that includes the private key (EccSite.key); confirm the
// directory is not readable or writable by unprivileged accounts.
appdir := ExtractFilePath(ParamStr(0));
// NOTE(review): the file names suggest an EC certificate/key, while the only
// explicit suite below is ECDHE-RSA (which needs an RSA certificate) and the
// ECDHE-ECDSA entries are commented out - confirm the key type in EccSite.pem.
IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := appdir + 'EccCA.pem';
IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := appdir + 'EccSite.key';
IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := appdir + 'EccSite.pem';
IdServerIOHandlerSSLOpenSSL1.SSLOptions.DHParamsFile := appdir + 'dhparam.pem';
// Only TLS 1.2 is enabled, both as the method and as the sole allowed version.
IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1_2;
IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];
// Cipher list: one explicit suite, then the HIGH alias minus the listed
// exclusions. HIGH also admits suites that do not use ECDHE key exchange, so
// this list does not by itself force an ECDHE handshake.
IdServerIOHandlerSSLOpenSSL1.SSLOptions.CipherList :=
//'ECDHE-ECDSA-AES128-GCM-SHA256:' +
'ECDHE-RSA-AES128-GCM-SHA256:' +
//'ECDHE-RSA-AES256-GCM-SHA384:' +
//'ECDHE-ECDSA-AES256-GCM-SHA384:' +
//'DHE-RSA-AES128-GCM-SHA256:' +
//'ECDHE-RSA-AES128-SHA256:' +
//'DHE-RSA-AES128-SHA256:' +
//'ECDHE-RSA-AES256-SHA384:' +
//'DHE-RSA-AES256-SHA384:' +
//'ECDHE-RSA-AES256-SHA256:' +
//'DHE-RSA-AES256-SHA256:' +
'HIGH:' +
'!aNULL:' +
'!eNULL:' +
'!EXPORT:' +
'!DES:' +
'!RC4:' +
'!MD5:' +
'!PSK:' +
'!SRP:' +
'!CAMELLIA';
// The TLS settings above are in place before the handler is attached and the
// server starts listening.
MServer.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
mServer.Active := True;
//FSSLContext := TIdSSLContext(IdServerIOHandlerSSLOpenSSL1.SSLContext);
end;
这不起作用。
有人有好的建议吗?
首先,请确保将 Indy 更新到最新的 SVN 快照。在 Embarcadero 论坛上与 Roberto Frances 进行了之前那次讨论之后,我把 SSL_CTRL_SET_ECDH_AUTO 和 SSL_CTX_set_ecdh_auto() 添加到了 Indy 的 IdSSLOpenSSLHeaders 单元中。
因此,那次讨论的代码中唯一缺少的部分是 TMyIdSSLContext 的定义,我认为它很简单:
// Empty descendant of TIdSSLContext. It adds no members; it exists so that
// code in the unit declaring it can reach TIdSSLContext's protected members
// (such as fContext) through a typecast.
type
TMyIdSSLContext = class(TIdSSLContext)
end;
由于 TIdSSLContext.fContext 成员被声明为 protected,声明 TMyIdSSLContext 的单元可以访问 TIdSSLContext 的受保护成员。因此,您的代码可以如下所示:
// Accessor ("cracker") class: declared with no members of its own so that this
// unit can read the protected fContext field of a TIdSSLContext instance.
type
TMyIdSSLContext = class(TIdSSLContext)
end;
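// FormCreate handler: configures the Indy OpenSSL server IOHandler for
// TLS 1.2, activates the server and then enables automatic ECDH curve
// selection on the server's SSL_CTX so that ECDHE suites can be negotiated.
// Raises Exception (after deactivating the server) if the SSL context is not
// available or OpenSSL refuses the setting, so the server never keeps running
// with a configuration other than the intended one.
procedure TServerForm.FormCreate(Sender: TObject);
var
  FSSLContext: TMyIdSSLContext;
begin
  FSingle := TCriticalSection.Create;

  // All PEM files are resolved relative to the directory of the executable.
  // NOTE(review): that includes the private key; confirm the directory is not
  // readable or writable by unprivileged accounts.
  appdir := ExtractFilePath(ParamStr(0));
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := appdir + 'EccCA.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := appdir + 'EccSite.key';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := appdir + 'EccSite.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.DHParamsFile := appdir + 'dhparam.pem';

  // Only TLS 1.2 is enabled, both as the method and as the sole allowed version.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1_2;
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];

  // One explicit suite, then the HIGH alias minus the listed exclusions.
  // HIGH also admits suites without ECDHE key exchange, so a client may still
  // end up on a non-ECDHE suite; drop 'HIGH' if forward secrecy is mandatory.
  // NOTE(review): the file names suggest an EC certificate, while the explicit
  // suite is ECDHE-RSA (needs an RSA certificate) - confirm the key type.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CipherList :=
    //'ECDHE-ECDSA-AES128-GCM-SHA256:' +
    'ECDHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES256-GCM-SHA384:' +
    //'ECDHE-ECDSA-AES256-GCM-SHA384:' +
    //'DHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES128-SHA256:' +
    //'DHE-RSA-AES128-SHA256:' +
    //'ECDHE-RSA-AES256-SHA384:' +
    //'DHE-RSA-AES256-SHA384:' +
    //'ECDHE-RSA-AES256-SHA256:' +
    //'DHE-RSA-AES256-SHA256:' +
    'HIGH:' +
    '!aNULL:' +
    '!eNULL:' +
    '!EXPORT:' +
    '!DES:' +
    '!RC4:' +
    '!MD5:' +
    '!PSK:' +
    '!SRP:' +
    '!CAMELLIA';

  MServer.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;

  // The context is read only after activation.
  // NOTE(review): the IOHandler appears to create its SSL context while the
  // server is being activated, so SSLContext is expected to be nil before this
  // point - confirm for your Indy version. Connections accepted between
  // activation and the call below may be handshaken without ECDH enabled.
  mServer.Active := True;

  FSSLContext := TMyIdSSLContext(IdServerIOHandlerSSLOpenSSL1.SSLContext);

  // Fail closed: a nil context would otherwise be dereferenced, and an ignored
  // failure would leave the server silently negotiating whatever non-ECDHE
  // suites 'HIGH' allows. SSL_CTX_set_ecdh_auto returns 1 on success.
  if (FSSLContext = nil) or (FSSLContext.fContext = nil) or
     (SSL_CTX_set_ecdh_auto(FSSLContext.fContext, 1) <> 1) then
  begin
    mServer.Active := False;
    raise Exception.Create('Could not enable automatic ECDH curve selection on the server SSL context');
  end;
end;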