问题描述
我在Delphi 2010中将OpenSSL 1.0.2o与Indy 10.6.2一起使用.
这是我到目前为止所做的:
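// Restored from the machine-translated listing: the Pascal keywords, the local
// name LEcdh and the cipher-string tokens 'HIGH', '!EXPORT' and '!CAMELLIA' had
// been translated, and the whole body was collapsed onto one line so the first
// '//' commented out everything after it.
//
// Configures the Indy OpenSSL IO handler for TLS 1.2 and starts the server.
// This is the asker's non-working version: nothing here configures an ECDH
// curve on the SSL context, which OpenSSL 1.0.2 requires before a server can
// negotiate ECDHE cipher suites.
procedure TServerForm.FormCreate(Sender: TObject);
var
  // None of these four locals is used by the statements below.
  LEcdh: PEC_KEY;
  FSslCtx: PSSL_CTX;
  SSL: PSSL;
  FSSLContext: TIdSSLContext;
begin
  //mServer.Active := True;
  FSingle:=TCriticalSection.Create;
  appdir := ExtractFilePath(ParamStr(0));
  // Certificate chain, private key and DH parameters are read from the
  // executable's directory.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := appdir + 'EccCA.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := appdir + 'EccSite.key';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := appdir + 'EccSite.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.DHParamsFile := appdir + 'dhparam.pem';
  // Only TLS 1.2 is enabled.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1_2;
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];
  // NOTE(review): HIGH also matches suites whose key exchange is static RSA or
  // static (EC)DH, which are not forward secret. Appending ':!kRSA:!kDH:!kECDH'
  // would limit negotiation to (EC)DHE, at the cost of clients without it.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CipherList :=
    //'ECDHE-ECDSA-AES128-GCM-SHA256:' +
    'ECDHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES256-GCM-SHA384:' +
    //'ECDHE-ECDSA-AES256-GCM-SHA384:' +
    //'DHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES128-SHA256:' +
    //'DHE-RSA-AES128-SHA256:' +
    //'ECDHE-RSA-AES256-SHA384:' +
    //'DHE-RSA-AES256-SHA384:' +
    //'ECDHE-RSA-AES256-SHA256:' +
    //'DHE-RSA-AES256-SHA256:' +
    'HIGH:' +
    '!aNULL:' +
    '!eNULL:' +
    '!EXPORT:' +
    '!DES:' +
    '!RC4:' +
    '!MD5:' +
    '!PSK:' +
    '!SRP:' +
    '!CAMELLIA';
  MServer.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
  mServer.Active := True;
  //FSSLContext := TIdSSLContext(IdServerIOHandlerSSLOpenSSL1.SSLContext);
end;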
这不起作用.
有人有好的建议吗?
首先,请确保将Indy更新到最新的SVN快照.在我之前于Embarcadero论坛上与Roberto Frances讨论之后,我已将 SSL_CTRL_SET_ECDH_AUTO 和 SSL_CTX_set_ecdh_auto() 添加到Indy的 IdSSLOpenSSLHeaders 单元.在OpenSSL 1.0.2中,只有在服务器的 SSL_CTX 上配置了曲线之后才会协商ECDHE密码套件,而 SSL_CTX_set_ecdh_auto() 正是用来完成这一步的.
因此,那次讨论的代码中唯一缺少的部分是 TMyIdSSLContext 的定义,我认为它只是这样:
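type
  // Restored from the machine-translated listing (the keywords type/class/end
  // had been translated). Empty descendant used only to reach TIdSSLContext's
  // protected members (here fContext) from the unit that declares it; it adds
  // no fields or methods.
  TMyIdSSLContext = class(TIdSSLContext)
  end;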
由于 TIdSSLContext.fContext 成员被声明为 protected,因此声明 TMyIdSSLContext 的单元可以访问 TIdSSLContext 的受保护成员.这样,您的代码就可以写成如下所示:
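// Restored from the machine-translated listing: the Pascal keywords and the
// cipher-string tokens 'HIGH', '!EXPORT' and '!CAMELLIA' had been translated,
// and the body was collapsed onto one line so the first '//' commented out
// everything after it.
type
  // Empty descendant used only to reach TIdSSLContext's protected members
  // (here fContext) from the unit that declares it.
  TMyIdSSLContext = class(TIdSSLContext)
  end;

// Configures the Indy OpenSSL IO handler for TLS 1.2, starts the server and
// enables automatic ECDH curve selection on the server's SSL context so that
// ECDHE (forward-secret) cipher suites can be negotiated with OpenSSL 1.0.2.
// Raises Exception, after stopping the server again, if the context is missing
// or the ECDH setting is rejected, instead of continuing without ECDHE.
procedure TServerForm.FormCreate(Sender: TObject);
var
  FSSLContext: TMyIdSSLContext;
begin
  FSingle := TCriticalSection.Create;
  appdir := ExtractFilePath(ParamStr(0));

  // Certificate chain, private key and DH parameters are read from the
  // executable's directory; keep EccSite.key readable only by the service
  // account.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := appdir + 'EccCA.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := appdir + 'EccSite.key';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := appdir + 'EccSite.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.DHParamsFile := appdir + 'dhparam.pem';

  // Only TLS 1.2 is enabled.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1_2;
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];

  // NOTE(review): HIGH also matches suites whose key exchange is static RSA or
  // static (EC)DH, which are not forward secret. Appending ':!kRSA:!kDH:!kECDH'
  // would limit negotiation to (EC)DHE, at the cost of clients without it.
  // NOTE(review): the file names suggest an EC certificate; if so, the explicit
  // ECDHE-RSA entry cannot be selected and ECDHE-ECDSA comes only from HIGH -
  // confirm against the certificate actually deployed.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CipherList :=
    //'ECDHE-ECDSA-AES128-GCM-SHA256:' +
    'ECDHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES256-GCM-SHA384:' +
    //'ECDHE-ECDSA-AES256-GCM-SHA384:' +
    //'DHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES128-SHA256:' +
    //'DHE-RSA-AES128-SHA256:' +
    //'ECDHE-RSA-AES256-SHA384:' +
    //'DHE-RSA-AES256-SHA384:' +
    //'ECDHE-RSA-AES256-SHA256:' +
    //'DHE-RSA-AES256-SHA256:' +
    'HIGH:' +
    '!aNULL:' +
    '!eNULL:' +
    '!EXPORT:' +
    '!DES:' +
    '!RC4:' +
    '!MD5:' +
    '!PSK:' +
    '!SRP:' +
    '!CAMELLIA';

  MServer.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
  mServer.Active := True;

  // The context is read after activation, as in the original answer;
  // presumably Indy only creates it during server start-up (confirm).
  // Handshakes accepted before the call below completes are negotiated
  // without the ECDH setting.
  FSSLContext := TMyIdSSLContext(IdServerIOHandlerSSLOpenSSL1.SSLContext);

  // NOTE(review): assumes Indy declares SSL_CTX_set_ecdh_auto as a function
  // returning the SSL_CTX_ctrl result (1 on success) - confirm against your
  // IdSSLOpenSSLHeaders unit.
  if (FSSLContext = nil) or (FSSLContext.fContext = nil)
    or (SSL_CTX_set_ecdh_auto(FSSLContext.fContext, 1) <> 1) then
  begin
    // Fail closed: do not keep serving with ECDHE silently unavailable.
    mServer.Active := False;
    raise Exception.Create('SSL_CTX_set_ecdh_auto failed; ECDHE cipher suites are not available');
  end;
end;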
I'm using OpenSSL 1.0.2o with Indy 10.6.2 in Delphi 2010.
This is what I have done so far:
// Configures the Indy OpenSSL IO handler for TLS 1.2 and starts the server.
// This is the asker's non-working version: nothing here configures an ECDH
// curve on the SSL context, which OpenSSL 1.0.2 requires before a server can
// negotiate ECDHE cipher suites.
procedure TServerForm.FormCreate(Sender: TObject);
var
  // None of these four locals is used by the statements below.
  LEcdh: PEC_KEY;
  FSslCtx: PSSL_CTX;
  SSL: PSSL;
  FSSLContext: TIdSSLContext;
begin
  //mServer.Active := True;
  FSingle:=TCriticalSection.Create;
  appdir := ExtractFilePath(ParamStr(0));
  // Certificate chain, private key and DH parameters are read from the
  // executable's directory.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := appdir + 'EccCA.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := appdir + 'EccSite.key';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := appdir + 'EccSite.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.DHParamsFile := appdir + 'dhparam.pem';
  // Only TLS 1.2 is enabled.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1_2;
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];
  // NOTE(review): HIGH also matches suites whose key exchange is static RSA or
  // static (EC)DH, which are not forward secret. Appending ':!kRSA:!kDH:!kECDH'
  // would limit negotiation to (EC)DHE, at the cost of clients without it.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CipherList :=
    //'ECDHE-ECDSA-AES128-GCM-SHA256:' +
    'ECDHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES256-GCM-SHA384:' +
    //'ECDHE-ECDSA-AES256-GCM-SHA384:' +
    //'DHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES128-SHA256:' +
    //'DHE-RSA-AES128-SHA256:' +
    //'ECDHE-RSA-AES256-SHA384:' +
    //'DHE-RSA-AES256-SHA384:' +
    //'ECDHE-RSA-AES256-SHA256:' +
    //'DHE-RSA-AES256-SHA256:' +
    'HIGH:' +
    '!aNULL:' +
    '!eNULL:' +
    '!EXPORT:' +
    '!DES:' +
    '!RC4:' +
    '!MD5:' +
    '!PSK:' +
    '!SRP:' +
    '!CAMELLIA';
  // The IO handler is attached before the server is activated.
  MServer.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
  mServer.Active := True;
  // Abandoned attempt to reach the SSL context; left commented out by the asker.
  //FSSLContext := TIdSSLContext(IdServerIOHandlerSSLOpenSSL1.SSLContext);
end;
This does not work.
Does anyone have good suggestions?
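First off, make sure that you update your version of Indy to the latest SVN snapshot. After the previous discussion I had with Roberto Frances on the Embarcadero forums, I added SSL_CTRL_SET_ECDH_AUTO and SSL_CTX_set_ecdh_auto() to Indy's IdSSLOpenSSLHeaders unit. With OpenSSL 1.0.2, a server does not negotiate ECDHE cipher suites until a curve has been configured on its SSL_CTX, which is what SSL_CTX_set_ecdh_auto() does.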
So, the only piece missing from the code in that other discussion is the definition of TMyIdSSLContext, which I assume is simply this:
type
  // Empty descendant used only to reach TIdSSLContext's protected members
  // (here fContext) from the unit that declares it; it adds no fields or
  // methods.
  TMyIdSSLContext = class(TIdSSLContext)
  end;
Since the TIdSSLContext.fContext member is declared as protected, the unit that declares TMyIdSSLContext gains access to TIdSSLContext's protected members. Thus, your code can then look like this:
type
  // Empty descendant used only to reach TIdSSLContext's protected members
  // (here fContext) from the unit that declares it; it adds no fields or
  // methods.
  TMyIdSSLContext = class(TIdSSLContext)
  end;
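// Configures the Indy OpenSSL IO handler for TLS 1.2, starts the server and
// enables automatic ECDH curve selection on the server's SSL context so that
// ECDHE (forward-secret) cipher suites can be negotiated with OpenSSL 1.0.2.
// Raises Exception, after stopping the server again, if the context is missing
// or the ECDH setting is rejected, instead of continuing without ECDHE.
procedure TServerForm.FormCreate(Sender: TObject);
var
  FSSLContext: TMyIdSSLContext;
begin
  FSingle := TCriticalSection.Create;
  appdir := ExtractFilePath(ParamStr(0));

  // Certificate chain, private key and DH parameters are read from the
  // executable's directory; keep EccSite.key readable only by the service
  // account.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := appdir + 'EccCA.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := appdir + 'EccSite.key';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := appdir + 'EccSite.pem';
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.DHParamsFile := appdir + 'dhparam.pem';

  // Only TLS 1.2 is enabled.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.Method := sslvTLSv1_2;
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];

  // NOTE(review): HIGH also matches suites whose key exchange is static RSA or
  // static (EC)DH, which are not forward secret. Appending ':!kRSA:!kDH:!kECDH'
  // would limit negotiation to (EC)DHE, at the cost of clients without it.
  // NOTE(review): the file names suggest an EC certificate; if so, the explicit
  // ECDHE-RSA entry cannot be selected and ECDHE-ECDSA comes only from HIGH -
  // confirm against the certificate actually deployed.
  IdServerIOHandlerSSLOpenSSL1.SSLOptions.CipherList :=
    //'ECDHE-ECDSA-AES128-GCM-SHA256:' +
    'ECDHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES256-GCM-SHA384:' +
    //'ECDHE-ECDSA-AES256-GCM-SHA384:' +
    //'DHE-RSA-AES128-GCM-SHA256:' +
    //'ECDHE-RSA-AES128-SHA256:' +
    //'DHE-RSA-AES128-SHA256:' +
    //'ECDHE-RSA-AES256-SHA384:' +
    //'DHE-RSA-AES256-SHA384:' +
    //'ECDHE-RSA-AES256-SHA256:' +
    //'DHE-RSA-AES256-SHA256:' +
    'HIGH:' +
    '!aNULL:' +
    '!eNULL:' +
    '!EXPORT:' +
    '!DES:' +
    '!RC4:' +
    '!MD5:' +
    '!PSK:' +
    '!SRP:' +
    '!CAMELLIA';

  MServer.IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
  mServer.Active := True;

  // The context is read after activation, as in the original answer;
  // presumably Indy only creates it during server start-up (confirm).
  // Handshakes accepted before the call below completes are negotiated
  // without the ECDH setting.
  FSSLContext := TMyIdSSLContext(IdServerIOHandlerSSLOpenSSL1.SSLContext);

  // NOTE(review): assumes Indy declares SSL_CTX_set_ecdh_auto as a function
  // returning the SSL_CTX_ctrl result (1 on success) - confirm against your
  // IdSSLOpenSSLHeaders unit.
  if (FSSLContext = nil) or (FSSLContext.fContext = nil)
    or (SSL_CTX_set_ecdh_auto(FSSLContext.fContext, 1) <> 1) then
  begin
    // Fail closed: do not keep serving with ECDHE silently unavailable.
    mServer.Active := False;
    raise Exception.Create('SSL_CTX_set_ecdh_auto failed; ECDHE cipher suites are not available');
  end;
end;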