handling of setting Openssl 3 security level
By Guest on Friday, 12 September 2025
Posted in General
Replies 2
Likes 0
Views 24.7K
Votes 0
We have some old certificates that does not comply with the default minimum security level in openssl 3. Loading these certificates is rejected by openssl 3.
We have then tried to set SSLOptions.CipherList = 'DEFAULT:@SECLEVEL=0', but that does not work either.
We have then modified the sgcIdSSLOpenSSL.pas to call SSL_CTX_set_cipher_list prior to loading the certificates and now it works.
This looks like an error in sgcIdSSLOpenSSL.pas, since the CipherList content is also used to set the security level which influences the loading of certificates and should be corrected.
Hello,

I'll dig into the openssl documentation to check this issue and provide a fix if required. I'll get back to you with a response.
Thanks for the feedback.

Kind Regards,
Sergio
Admin
·
2 months ago
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello,

I've published a new beta to address this issue, now the function SSL_CTX_set_cipher_list is called before loading the certificates. Thanks for the feedback.

Kind Regards,
Sergio
Admin
·
2 months ago
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post