SChannel Cipher List and Connection Info

From sgcWebSockets 4.5.1 SChannel has been improved with 2 new features:

1. There is a new property in TLSOptions.SChannel_Options called CipherList where you can set which Ciphers will be used.

2. There is a new function called GetInfo which returns the info like Protocol used (TLS1.2, TLS1.1...), the cipher, cipher strength... and more

Cipher List 

By default, using SChannel, the client will use the ciphers configured in the system. If you want customize the ciphers used, you can use the property TLSOptions_SChannel_Options.CipherList to set which Ciphers will be used to connect to a secure server.

Example: if you set in the cipher list the following values "CALG_AES_256:CALG_AES_128", this means that first the client will try to connect using AES256 and if can't, will use AES128. 

You can read the full cipher list from Microsoft documentation.

Connection Info 

Once the client has connected to the secure server, you can request info about which Version is using (TLS 1.2, TLS 1.3...), the cipher used, strength... and more.

Call the function GetInfo of the SChannel Handler to access this info. You can access to the SSL Handler, using the method OnSSLAfterCreateHandler, which is called after the SChannel Handler is created. After the client connects to server and if the SSL Handler is assigned, call the function GetInfo and if successful, will return the connection data.

  SSL: TsgcIdSSLIOHandlerSocketSChannel;

oClient := TsgcWebSocketClient.Create(nil);
oClient.URL := 'wss://';
oClient.TLSOptions.Version := tls1_2;
oClient.TLSOptions.IOHandler := iohSChannel;
oClient.OnSSLAfterCreateHandler := OnSSLAfterCreateHandlerEvent;
oClient.OnConnect := OnConnectEvent;
oClient.Active := True;

procedure OnSSLAfterCreateHandlerEvent(Sender: TObject; aType: TwsSSLHandler; aSSLHandler: TIdSSLIOHandlerSocketBase);
  if aSSLHandler.ClassType = TsgcIdSSLIOHandlerSocketSChannel  then
    SSL := TsgcIdSSLIOHandlerSocketSChannel(aSSLHandler);

procedure OnConnectEvent(Connection: TsgcWSConnection);
  oInfo: TsgcSChannelConnectionInfo;
  if Assigned(SSL) then
    oInfo := SSL.GetInfo;
    if (oInfo.Protocol <> tls1_2) then
      raise Exception.Create('Client cannot connect using TLS 1.2');
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Delphi RCON Client
sgcWebSockets 4.5.0

Related Posts