TsgcWebSocketLoadBalancerServer › Properties › SSLOptions
Holds certificate paths, TLS version selection and OpenSSL tuning for the load balancer's TLS listener.
property SSLOptions: TsgcWSSSL_Options read FSSLOptions write SetSSLOptions;Version=tlsUndefined, VerifyCertificate=False
Supply the certificate material before activating the load balancer when SSL is True: RootCertFile, CertFile and KeyFile point to PEM files (use the same path for all three when the file contains the full chain), and Password is required only if the private key is encrypted. Set VerifyCertificate to True to request and validate client certificates (sub-options FailIfNoCertificate and VerifyClientOnce refine the check) with VerifyDepth controlling chain length; this is useful when the registering backends must present a client certificate for mutual TLS. Version picks a specific TLS version (tls1_0, tls1_1, tls1_2, tls1_3) or leaves negotiation open (tlsUndefined). OpenSSL_Options exposes low-level knobs: APIVersion (oslAPI_1_0/oslAPI_1_1/oslAPI_3_0), LibPath/LibPathCustom, UnixSymLinks, ECDHE, CipherList, CurveList, MinVersion and X509Checks.
oServer := TsgcWebSocketLoadBalancerServer.Create(nil);
oServer.SSL := true;
oServer.SSLOptions.CertFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.KeyFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.RootCertFile := 'c:\certificates\mycert.pem';
oServer.SSLOptions.Version := tls1_3;
oServer.SSLOptions.OpenSSL_Options.MinVersion := tls1_2;
oServer.SSLOptions.Port := 443;
oServer.Active := true;