As I am sure many of you are aware, Indy does not yet natively support OpenSSL v1.1.0 and later (i.e., for TLS 1.3).
There is an old PR still open in Indy’s GitHub repo which covers this task; however, it never got a full review and so never got merged into the main Indy library (that is on me!). The original author decided several months ago to abandon this PR to focus on a different approach to updating OpenSSL support in Indy.
And there is a separate PR for similar updates to support newer OpenSSL.
So, there is plenty of community interest in getting this issue resolved.
Embarcadero is also keenly interested in getting the latest OpenSSL into Indy so that RAD Studio can take advantage of it. Quite a few customers have approached Embarcadero about this issue. Embarcadero recently reached out to me about this, and so a new venture has begun involving myself, Embarcadero, and a few other 3rd party devs so far. If anyone else wants to join in, feel free to contact me!
As part of initial discussions, it has been suggested that Indy’s current OpenSSL code should be split out into its own package and then we can update that package to support the latest OpenSSL. To help with this effort, I have created a new GitHub repo while we iron out the details.
So, let’s all say a warm welcome to … (drum roll) … the new IndyTLS-OpenSSL repo!
What the final result will look like is unknown at this time – whether it will be updates to the existing SSLIOHandler components, or it will be whole new components (akin to the previous PR) – but either way, when it is ready for release then the main Indy library will be updated accordingly.
In theory, this should help make it easier to keep Indy up-to-date with future OpenSSL releases (fingers crossed!) as it will be a more isolated project. It also opens the door to how other SSLIOHandler projects may be managed in the future (SChannel, etc).
2 thoughts on “Ongoing work in Indy for OpenSSL updates”
Great work, this is something we have been looking for. While more and more systems are using the latest version of OpenSSL, would love Indy to be updated too.
@Jonathan, that’s the idea.