Delphi Indy Server EC Certificates

Indy supports RSA and EC Certificates when using the openSSL libraries, but by default, the EC certificates can be created different curves and the openSSL libraries only are configured with some of these curves. So if you're using an EC Certificate that it's not included by the default by the openSSL libraries, the certificate won't work properly.

To avoid this issue, now the Indy servers include a new property called CurveList where you can set the curve names supported.

The CurveList property is also supported by our free sgcIndy library.


To configure an EC certificate that is using the brainpoolP256r1 curve, set the following curves before start the connection (this applies to server and client components).

// client component
TsgcWebSocketClient1.TLSOptions.OpenSSL_Options.CurveList := 'P-521:P-384:P-256:brainpoolP256r1';

// server component
TsgcWebSocketHTTPServer1.SSLOptions.OpenSSL_Options.CurveList := 'P-521:P-384:P-256:brainpoolP256r1'; 

This way, the client will support the standard curves (like the secp256r1 curve) and additionally the brainpoolP256r1 curve.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Delphi CEX Plus API Client
Azure IoT Upload Files

Related Posts