Reputation: 273
How do I connect to a server using OpenSSL and Delphi? I'm not sure if I need an IOHandler, such as TIdSSLIOHandlerSocketOpenSSL.
The server is not currently performing client authentication at the TLS level. As such, client certificates are not required. A standard X.509 v3 certificate signed by a third party CA (Certificate Authority) is being utilized by the server.
I have copied the OpenSSL DLLs to my application folder.
I can connect to the server without the use of the IOHandler. I'm not sure if it's a secured connection or not.
Without the IOHandler, it connects just fine, but I don't know if it is securely connected. Here is the code:
procedure TFrmMain.Button1Click(Sender: TObject);
begin
  with IdSSLIOHandlerSocketOpenSSL1 do
  begin
    Destination := 'dev-eclaimsrx.relayhealth.com:18009';
    Host := 'dev-eclaimsrx.relayhealth.com';
    Port := 18009;
    SSLOptions.Method := sslvTLSv1_2;
  end;
  IdTCPClient1.IOHandler := IdSSLIOHandlerSocketOpenSSL1;
  IdTCPClient1.Host := 'dev-eclaimsrx.relayhealth.com';
  IdTCPClient1.Port := 18009;
  IdTCPClient1.Connect;
end;
Upvotes: 0
Views: 818
Reputation: 2224
It is secure only in that the data transfer is encrypted between the client and server and cannot be intercepted, but it is not fully secure because the client does not verify the server's identity. To do that, you need to enable the sslvrfPeer flag in the TIdSSLIOHandlerSocketOpenSSL.SSLOptions.VerifyMode property (and optionally the sslvrfFailIfNoPeerCert flag), and you should also check the server's certificate values in the TIdSSLIOHandlerSocketOpenSSL.OnVerifyPeer event.
Upvotes: 1
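The verification the answer describes, written out against the question's form and components as an added example (not code from either poster). It assumes a recent Indy 10 release, where OnVerifyPeer takes four arguments, and a PEM bundle containing the issuing CA stored next to the executable; the file name cacert.pem, the constant ExpectedHost and the helper SubjectCN are illustrative names.

```delphi
// Added example. Uses SysUtils and IdSSLOpenSSL; the handler below must also
// be declared in the TFrmMain class. 'cacert.pem' is an assumed file name.
const
  ExpectedHost = 'dev-eclaimsrx.relayhealth.com';

// Extract the CN from an OpenSSL one-line subject ('/C=US/O=Example/CN=host').
function SubjectCN(const OneLine: string): string;
var
  P: Integer;
begin
  Result := '';
  P := Pos('/CN=', OneLine);
  if P = 0 then
    Exit;
  Result := Copy(OneLine, P + 4, MaxInt);
  P := Pos('/', Result);
  if P > 0 then
    Result := Copy(Result, 1, P - 1);
end;

// Called once per certificate in the chain; ADepth = 0 is the server's own.
function TFrmMain.IdSSLIOHandlerSocketOpenSSL1VerifyPeer(Certificate: TIdX509;
  AOk: Boolean; ADepth, AError: Integer): Boolean;
begin
  Result := AOk;  // never override a failure already reported by OpenSSL
  if Result and (ADepth = 0) then
    // Exact, case-insensitive match; a substring test would accept look-alikes.
    Result := SameText(SubjectCN(Certificate.Subject.OneLine), ExpectedHost);
end;

procedure TFrmMain.Button1Click(Sender: TObject);
begin
  with IdSSLIOHandlerSocketOpenSSL1 do
  begin
    SSLOptions.Method := sslvTLSv1_2;
    SSLOptions.RootCertFile := ExtractFilePath(ParamStr(0)) + 'cacert.pem';
    SSLOptions.VerifyMode := [sslvrfPeer, sslvrfFailIfNoPeerCert];
    SSLOptions.VerifyDepth := 5;  // longest chain accepted
    OnVerifyPeer := IdSSLIOHandlerSocketOpenSSL1VerifyPeer;
  end;
  IdTCPClient1.IOHandler := IdSSLIOHandlerSocketOpenSSL1;
  IdTCPClient1.Host := ExpectedHost;
  IdTCPClient1.Port := 18009;
  IdTCPClient1.Connect;  // raises if the chain or the name check fails
end;
```

The name check compares only the subject CN parsed from the one-line form and does not read subjectAltName entries, so a certificate that carries the host name only in subjectAltName is rejected rather than accepted.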