SSLOptions Property

Holds certificate paths, TLS version selection and OpenSSL tuning for the downstream TLS listener.

Syntax

property SSLOptions: TsgcWSSSL_Options read FSSLOptions write SetSSLOptions;

Default Value

Version=tlsUndefined, VerifyCertificate=False

Remarks

When SSL is True, supply the certificate material before activating the proxy. RootCertFile, CertFile and KeyFile point to PEM files; use the same path for all three when the file contains the full chain. Password is required only if the private key is encrypted.

Set VerifyCertificate to True to request and validate client certificates. The sub-options FailIfNoCertificate and VerifyClientOnce refine the check, and VerifyDepth controls the chain length.

Version picks a specific TLS version (tls1_0, tls1_1, tls1_2, tls1_3) or leaves negotiation open (tlsUndefined).

OpenSSL_Options exposes low-level knobs: APIVersion (oslAPI_1_0/oslAPI_1_1/oslAPI_3_0), LibPath/LibPathCustom for locating the OpenSSL binaries, UnixSymLinks, ECDHE, CipherList, CurveList, MinVersion, and X509Checks for hostname/IP validation.

These settings apply to the downstream leg only; the upstream TLS leg is enabled through Proxy.TLS.

Example


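// Create the proxy and enable TLS on the downstream listener
oProxy := TsgcWebSocketProxyServer.Create(nil);
oProxy.SSL := true;
// One PEM file containing the full chain is used for all three paths
oProxy.SSLOptions.CertFile := 'c:\certificates\mycert.pem';
oProxy.SSLOptions.KeyFile := 'c:\certificates\mycert.pem';
oProxy.SSLOptions.RootCertFile := 'c:\certificates\mycert.pem';
// TLS version selection and the OpenSSL minimum version
oProxy.SSLOptions.Version := tls1_3;
oProxy.SSLOptions.OpenSSL_Options.MinVersion := tls1_2;
oProxy.SSLOptions.Port := 443;
// Upstream host and port
oProxy.Proxy.Host := 'upstream.example.com';
oProxy.Proxy.Port := 8080;
// Activate only after the certificate material has been supplied
oProxy.Active := true;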
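
The Remarks say one path can serve CertFile, KeyFile and RootCertFile when the file contains the full chain, and that Password is needed only for an encrypted key. The following pre-deployment check is an added example, not part of sgcWebSockets: inspect_pem, SAMPLE_BUNDLE and min_chain are hypothetical names, the sample PEM is constructed with placeholder bodies, and "full chain" is assumed to mean one private key plus at least two certificates (leaf and issuer).

```python
import re

# Matches one PEM block and captures its label and body.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample: placeholder base64 bodies, not real key material.
SAMPLE_BUNDLE = """\
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
TEVBRg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
SVNTVUVS
-----END CERTIFICATE-----
"""


def inspect_pem(text, min_chain=2):
    """Classify the blocks of one PEM file and report how SSLOptions can use it.

    min_chain is an assumption of this example: the number of certificates
    (leaf plus issuers) treated as a full chain. Use 1 for a self-signed cert.
    """
    certs = 0
    keys = 0
    encrypted = False
    for label, body in _PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # PKCS#8 marks encryption in the label; traditional OpenSSL keys
            # mark it with a Proc-Type header inside the block.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                encrypted = True
    return {
        "certificates": certs,
        "has_key": keys == 1,
        "needs_password": encrypted,       # SSLOptions.Password must be set
        "single_file_ok": keys == 1 and certs >= min_chain,
    }


if __name__ == "__main__":
    print(inspect_pem(SAMPLE_BUNDLE))
```

When single_file_ok is False, point CertFile, KeyFile and RootCertFile at separate files instead of reusing one path.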
