eSeGeCe
software
Delphi Indy Server EC Certificates
Indy supports RSA and EC Certificates when using the openSSL libraries, but by default, the EC certificates can be created different curves and the openSSL libraries only are configured with some of these curves. So if you're using an EC Certificate that it's not included by the default by the openSSL libraries, the certificate won't work properly.
To avoid this issue, now the Indy servers include a new property called CurveList where you can set the curve names supported.
The CurveList property is also supported by our free sgcIndy library.
Example
To configure an EC certificate that is using the brainpoolP256r1 curve, set the following curves before start the connection (this applies to server and client components).
// client component TsgcWebSocketClient1.TLSOptions.OpenSSL_Options.CurveList := 'P-521:P-384:P-256:brainpoolP256r1'; // server component TsgcWebSocketHTTPServer1.SSLOptions.OpenSSL_Options.CurveList := 'P-521:P-384:P-256:brainpoolP256r1';
This way, the client will support the standard curves (like the secp256r1 curve) and additionally the brainpoolP256r1 curve.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
