OpenSSL 3 Legacy support

OpenSSL 3.0 moved several deprecated or insecure algorithms into a library module called the legacy provider. It is not loaded by default, so apps (or their language runtimes) that use OpenSSL for cryptographic operations cannot use those algorithms when loading certificates, creating message digests, and so on.

For example, if you try to load a p12 certificate you'll get an error. To load a p12 certificate using sgcIndy or sgcWebSockets, you must deploy the legacy.dll library and enable some properties in the components.

Currently, legacy.dll can be downloaded with the latest OpenSSL 3.3 version.

sgcWebSockets

  • Set the property OpenSSL_Options.Legacy.Enabled to True.
  • Set the location of the Legacy library.
    • OpenSSL_Options.Legacy.LibPath: configures where the legacy library is located.
      • oslpNone: this is the default; the legacy library should be in the same folder as the binary or in a known path.
      • oslpDefaultFolder: automatically sets the legacy library path to the folder where the libraries should be located for all IDE personalities.
      • oslpCustomFolder: if this option is selected, define the full path in the property LibPathCustom.
    • OpenSSL_Options.Legacy.LibPathCustom: when LibPath = oslpCustomFolder, define here the full path where the legacy library is located.

sgcIndy

  1. Set the property SSLOptions.Legacy to True.
  2. Before starting the server or client, set the path where the legacy.dll library is located. Use the function IdOpenSSLSetOSSLPath and pass the path as the argument.