
How to determine which TLS/SSL protocol was negotiated when using sslvSSLv23?

I am using TIdSSLIOHandlerSocketOpenSSL to open a TLS/SSL connection. I currently want to support TLS 1.0 to 1.2.

I initialize the IOHandler like this.

TIdSSLIOHandlerSocketOpenSSL(FSocket.IOHandler).SSLOptions.SSLVersions := [sslvTLSv1_2,sslvTLSv1_1, sslvTLSv1];

After the connection is made, how can I get which protocol was negotiated for the connection? (Both for ensuring the configuration of both the client and test server is correct, and eventually for statistics purposes.)

I checked SSLContext.Method after the connection, but it still shows sslvSSLv23 after the connection. SSLContext.SSLVersions shows [sslvTLSv1_2,sslvTLSv1_1, sslvTLSv1].

So how do I get that information?

Ken Bourassa asked Dec 13 '16 17:12

1 Answer

The specific negotiated protocol is in the TIdSSLIOHandlerSocketOpenSSL.SSLSocket.Cipher.Version property after the SSL/TLS session is established. OpenSSL also has an SSL_get_version() function (which Indy does not use, but you can call directly).

Remy Lebeau answered Sep 26 '22 06:09
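An added example, not part of the original answer or of Indy itself: a small console program that connects with the SSLVersions set from the question, reads SSLSocket.Cipher.Version once the handshake has finished, and optionally compares it with a string given on the command line. The helper name NegotiatedVersion, port 443 and the command-line layout are assumptions made for illustration; the expected string is passed in rather than hard-coded because the page does not list the values the property returns.

```delphi
program NegotiatedTls;
{$APPTYPE CONSOLE}

uses
  SysUtils, IdTCPClient, IdSSLOpenSSL;

// Hypothetical helper: connects, lets the handshake complete and returns
// the string reported by SSLSocket.Cipher.Version.
function NegotiatedVersion(const AHost: string; APort: Word): string;
var
  Client: TIdTCPClient;
  SSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  Client := TIdTCPClient.Create(nil);
  try
    SSL := TIdSSLIOHandlerSocketOpenSSL.Create(Client); // owned by Client
    SSL.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];
    SSL.PassThrough := False; // handshake runs as part of Connect
    Client.IOHandler := SSL;
    Client.Host := AHost;
    Client.Port := APort;
    Client.Connect;
    try
      // SSLSocket only exists once a session has been established.
      if not Assigned(SSL.SSLSocket) then
        raise Exception.Create('no TLS session was established');
      Result := SSL.SSLSocket.Cipher.Version;
    finally
      Client.Disconnect;
    end;
  finally
    Client.Free;
  end;
end;

var
  Actual: string;
begin
  try
    Actual := NegotiatedVersion(ParamStr(1), 443); // port is an assumption
    Writeln(ParamStr(1), ' negotiated ', Actual);
    // Optional 2nd argument: the string the test server should produce.
    if (ParamCount > 1) and not SameText(Actual, ParamStr(2)) then
      ExitCode := 1;
  except
    on E: Exception do
    begin
      Writeln('connect or handshake failed: ', E.Message);
      ExitCode := 3;
    end;
  end;
end.
```

Run it once without the second argument to see what the test server yields, then pass that string in later runs so a configuration change on either side shows up as exit code 1.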