Supported by
Web Browsers
SSL support is based on the Indy implementation, so you need to deploy the OpenSSL libraries in order to use this feature.
TsgcWebSocketClient supports Microsoft SChannel, so there is no need to deploy the OpenSSL libraries on 32-bit and 64-bit Windows if the SChannel option is selected in the WebSocket client.
Server Side
To enable this feature, you need to enable the following property:
SSL/ Enable
There are other properties that you need to define:
SSLOptions/ CertFile/ KeyFile/ RootCertFile: you need a certificate in .PEM format in order to encrypt WebSocket communications.
SSLOptions/ Password: this is optional and only needed if the certificate has a password.
SSLOptions/ Port: port used on SSL connections.
Client Side
To enable this feature, you need to enable the following property:
TLS/ Enable
OpenSSL
By default, client and server components based on Indy use the OpenSSL libraries when connecting to secure WebSocket servers.
Indy only supports the OpenSSL 1.0.2 API, so API 1.1 is not supported. If you compile sgcWebSockets with our custom Indy library, you can use API 1.1 and select TLS 1.3. Select in the OpenSSL_Options properties which OpenSSL API to use:
oslAPI_1_0: the default Indy API. You can use the standard Indy package with the OpenSSL 1.0.2 libraries.
oslAPI_1_1: only select this if you are compiling sgcWebSockets with our custom Indy library (Enterprise Edition). Uses the OpenSSL 1.1.1 libraries.
oslAPI_3_0: only select this if you are compiling sgcWebSockets with our custom Indy library (Enterprise Edition). Uses the OpenSSL 3.0.0 libraries.
ECDHE: enables ECDHE for TLS 1.2 (more secure connections).
Events
There are two events that can be used to customize your SSL settings:
This event is raised before the SSL handler is created. Here you can create your own SSL handler (it must inherit from TIdServerIOHandlerSSLBase or TIdIOHandlerSSLBase) and set the properties you need:
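procedure OnServerSSLGetHandler(Sender: TObject; aType: TwsSSLHandler;
  var aSSLHandler: TIdServerIOHandlerSSLBase);
begin
  // Supply your own handler; TCustomSSLHandler is your own class and must
  // descend from TIdServerIOHandlerSSLBase.
  aSSLHandler := TCustomSSLHandler.Create(nil);
  ...
end;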
If no custom SSL object has been created, a default OpenSSL handler is created. You can access the SSL handler properties and modify them if needed:
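procedure OnSSLAfterCreateHandler(Sender: TObject; aType: TwsSSLHandler;
  aSSLHandler: TIdServerIOHandlerSSLBase);
begin
  // The default handler is the Indy OpenSSL handler, so cast it to reach
  // SSLOptions and set the protocol method to TLS 1.2.
  TIdServerIOHandlerSSLOpenSSL(aSSLHandler).SSLOptions.Method := sslvTLSv1_2;
end;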
Microsoft SChannel
From sgcWebSockets 4.2.6 you can use SChannel instead of OpenSSL (Windows only, from Windows 7 onward). This means there is no need to deploy the OpenSSL libraries. TLS 1.0 is supported from Windows 7, but if you need more modern versions such as TLS 1.2 on Windows 7, you must enable TLS 1.1 and TLS 1.2 in the Windows Registry.
Requires Delphi 2010 Professional Edition (or Enterprise Edition for Delphi 7, 2007 and 2009).