OpenSSL

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

This library is required by components based on the Indy Library when a secure connection is needed. If your application requires OpenSSL, the necessary files must be present in the file system before you deploy your application.

Currently, sgcWebSockets supports OpenSSL versions 1.0.2, 1.1 and 3.0 to 3.2.

| Platform | API 1.0 | API 1.1 | API 3.* | Static/Dynamic Linking |
|---|---|---|---|---|
| Windows (32-bit and 64-bit) | libeay32.dll and ssleay32.dll | libcrypto-1_1.dll and libssl-1_1.dll | libcrypto-3.dll and libssl-3.dll | Dynamic |
| OSX | libcrypto.dylib, libssl.dylib | libcrypto.1.1.dylib, libssl.1.1.dylib | libcrypto.3.dylib, libssl.3.dylib | Dynamic |
| iOS Device (32-bit and 64-bit) | libcrypto.a and libssl.a | libcrypto.a and libssl.a | libcrypto.a and libssl.a | Static |
| iOS Simulator | libcrypto.dylib, libssl.dylib | libcrypto.1.1.dylib, libssl.1.1.dylib | libcrypto.3.dylib, libssl.3.dylib | Dynamic |
| Android Device | libcrypto.so, libssl.so | libcrypto.so, libssl.so | libcrypto.so, libssl.so | Dynamic |

Find below how to configure the OpenSSL libraries for every Personality:

OpenSSL Configurations

sgcWebSockets Indy-based components allow you to configure some OpenSSL properties. Access the following properties:

API Version

The standard Indy library can only load OpenSSL 1.0.2 libraries. These libraries have been deprecated, and the latest OpenSSL releases use the 1.1.1 API.

sgcWebSockets Enterprise can load OpenSSL 1.1.1 libraries; this property configures which OpenSSL API version is loaded. Only one API version can be loaded per process (so you can't mix OpenSSL 1.0.2 and 1.1.1 libraries in the same application).

LibPath

This property sets the location of the OpenSSL libraries. This is useful for Android or OSX projects, where the location of the OpenSSL libraries must be set explicitly.

Accepts the following values:

Self-Signed Certificates

You can use self-signed certificates for testing purposes. Execute the following command to create a self-signed certificate:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

This creates two files: cert.pem (the certificate) and key.pem (the private key). You can combine both files into a single one: create a new file and copy the contents of both files into it. The -nodes option writes the private key unencrypted, so restrict read access to key.pem and to the combined file. The combined file has a structure like this:

-----BEGIN PRIVATE KEY-----

....

-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

....

-----END CERTIFICATE-----
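
The combined file can be built and checked with a small script. This is an added example, not part of the sgcWebSockets documentation; the function names combine_pem and check_pem are hypothetical, and a POSIX shell with awk is assumed:

```shell
#!/bin/sh
# Added example; the function names are hypothetical, not part of sgcWebSockets.

# check_pem FILE: succeed only if FILE holds one unencrypted private key block
# followed by one certificate block, the layout shown above.
check_pem() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN / {
            if (cur != "") { print "BEGIN inside a block, line " NR; bad = 1 }
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----$/, "", cur)
            order = order cur ";"
            next
        }
        /^-----END / {
            lbl = $0; sub(/^-----END /, "", lbl); sub(/-----$/, "", lbl)
            if (lbl != cur) { print "END does not match BEGIN, line " NR; bad = 1 }
            cur = ""
            next
        }
        cur == "" && NF { print "text outside a PEM block, line " NR; bad = 1 }
        END {
            if (cur != "") { print "unterminated block: " cur; bad = 1 }
            if (order !~ /^(RSA |EC )?PRIVATE KEY;CERTIFICATE;$/) {
                print "expected key then certificate, found: " order; bad = 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# combine_pem KEY CERT OUT: write KEY then CERT to OUT with owner-only
# permissions (the key from "openssl req -nodes" is unencrypted), then
# validate the result. A key file lacking a final newline glues the END and
# BEGIN markers onto one line; check_pem reports that.
combine_pem() {
    ( umask 077; cat "$1" "$2" > "$3" ) || return 1
    chmod 600 "$3" || return 1
    check_pem "$3"
}
```

After sourcing the script, run `combine_pem key.pem cert.pem combined.pem`; a non-zero exit status means the combined file does not have the layout shown above.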

Common Errors

SSL_GET_RECORD: wrong version number

This error means that the server and the client are using different versions of the SSL/TLS protocol. To fix it, set the correct version in the server and/or client component:

Server.SSLOptions.Version

Client.TLSOptions.Version

SSL3_GET_RECORD: decryption failed or bad record mac

This error is usually raised in the following cases:

1. The OpenSSL version is too old. Check that you are using the latest OpenSSL version and, if not, update to the latest supported one.

2. More than one thread is accessing the OpenSSL connection; this is usually the cause when the error appears randomly. You can try setting NotifyEvents = neNoSync, which means that the events (OnConnect, OnDisconnect, OnMessage...) are fired in the context of the connection thread. This avoids some synchronization problems and provides better performance. As a downside, if you update a visual control in a form when you receive a message, for example, you must implement your own synchronization, because visual controls are not thread-safe.