Difference between revisions of "ICS Download"

From Overbyte
Jump to navigation Jump to search
(24 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
'''ICS versions available:'''
 
'''ICS versions available:'''
  
*'''ICS-V8''' for Delphi 7 / C++ Builder 2006 to Delphi XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio / C++ Builder XE3 and 10.2 Tokyo with FireMonkey cross platform support for POSIX/MacOS, also IPv6 support (main development tree, 32 and 64-bit).  
+
*'''ICS-V8''' for Delphi 7 / C++ Builder 2006 to Delphi XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio / C++ Builder XE3, 10.2 Tokyo and 10.3 Rio with FireMonkey cross platform support for POSIX/MacOS, also IPv6 support (main development tree, 32 and 64-bit).  
 
*'''ICS-V7''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (stable release, no new development, please upgrade to V8).  
 
*'''ICS-V7''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (stable release, no new development, please upgrade to V8).  
 
*'''ICS-V6''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V7 if you do not have to support Windows versions < W2K).
 
*'''ICS-V6''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V7 if you do not have to support Windows versions < W2K).
Line 9: Line 9:
  
 
== ICS News ==
 
== ICS News ==
 +
Major Changes in '''ICS V8.63''' include:
 +
 +
# IcsHosts is now supported in all the main ICS server components, TWSocketServer, TSslHttpServer, TSslHttpAppSrv, TIcsProxy, TIcsHttpProxy, TIcsIpStrmLog and TSslFtpServer.  This simplifies server applications which do not need to setup an SSL context, can easily support multiple listeners and hosts, and can automatically order and install SSL/TLS certificates from Let's Encrypt and commercial suppliers. # There are several changes relating to automatic certificate ordering, mostly cosmetic based on experience adding the feature into more applications with a few issues fixed during testing with better logging.
 +
# Made improvements to handle the OAuth2 version used by Google Accounts, allowing the REST component to access Google APIs such as Gmail.
 +
# Did a major refresh of the three SSL/TLS trusted root certificate bundles included with ICS, to add new roots from Amazon and others, and remove untrusted certificates.
 +
# There are improvements in TFtpCli to access FTP servers behind NAT routers where the internal and external IP addresses are different and not correctly handled by the FTP server.
 +
# The TSslFtpServer component now uses the IcsHosts concept added to the web and proxy servers two years ago, see above. There is a new IcsHosts property which allows multiple hosts to be specified. Also fixed ftpsNoPasvIpAddrInLan and ftpsNoPasvIpAddrSameSubnet options to work correctly to present local passive IP address on LANs.
 +
# The TIcsIpStrmLog component will now start despite non-fatal SSL/TLS certificate warnings, and may be used with self signed certificates. The OverbyteIcsIpStmLogTst sample shows how to restart the TCP server after the first SSL/TLS certificate is automatically installed.
 +
 +
[[ICS_V8.63 | Detailed ICS 8.63 Release Notes]]
 +
 +
Major Changes in '''ICS V8.62''' include:
 +
 +
# The HTTP client has new properties. There is a new THttpAuthType of httpAuthJWT which uses the AuthBearerToken property for Json Web Token authentication. A new ProxyURL property combines four proxy properties as a URL for simplicity, ie http://[user[:password]@]host:port. The new AlpnProtocols property is a request list sent when an SSL connection starts, once connected GetAlpnProtocol returns which protocol the server wants to uses.
 +
# Various improvements for automatic X509 SSL certificate ordering to support final ACME RFC8555. AcmeV2 now supports POST-as-GET, GET alone being removed later in 2019. Added Proxy URL support, might be needed for servers behind NAT firewalls for public access. Added support tls-alpn-01 challenge for local web server on 443, but not working yet.
 +
# SocketServer now uses a separate local web server for servers not using ports 80 or 443 such as FTP, SMTP, proxies, etc, When ordering X509 SSL certificate using ChallFileSrv challenge.
 +
# TWsocket now raises a background exception for user exceptions in the OnDataAvailable event rather than silently ignoring them. If IcsLogger is being used, HandleBackGroundException now logs exceptions and their source to make them easier to find.
 +
# In the TSslHttpRest component, TRestParams can add Json parameters as PContJson which means arrays and nested Json can be added. Added a new SslAllowSelfSign property to connect OK to sites with self signed SSL certificates which would normally fail validation.
 +
# TSimpleWebSrv now supports SSL, with certificate bundle and host name, and supports the SSL ALPN extension for automatic X509 SSL certificate ordering.
 +
# The new TIcsSms component adds support for SMS Works bureau at https://thesmsworks.co.uk/ to send SMS messages, cheaper than Kapow, and allows sender ID to be freely changed.
 +
# Updated all .dproj files for all samples to add the ICS source folder to the search path of each project. 
 +
# Added Time Zone support for date string conversions, to UTC time with a time zone, and back to local time using a time zone, primarily for SMTP email headers which otherwise show UTC time.
 +
# TIcsIpStrmLog using TCP server now uses the root bundle correctly and reports the certificate chain and bindings. Ensure all listeners started for TCP Server, if more than one.
 +
 +
[[ICS_V8.62 | Detailed ICS 8.62 Release Notes]]
 +
 +
Major Changes in '''ICS V8.61''' include:
 +
 +
# Added two new components using the new HTTPS REST component, which are both useful and illustrate how simply they can created, TIcsSms and TDnsQueryHttps, both in the OverbyteIcsSslHttpRest.pas unit with demos in OverbyteIcsHttpRestTst.
 +
# The new TIcsSms component sends SMS text messages via an HTTP bureau, you will need an account. Initially supporting https://www.kapow.co.uk/.
 +
# The new TDnsQueryHttps component makes DNS queries over HTTPS (DOH), to ensure integrity and privacy from interception by ISPs or proxies. The original TDnsQuery component has also been updated to support all the common queries and return them in using a single AnswerRecord array.
 +
# Improved HTTP client and server NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified in code.
 +
# Various improvements in the HTTPS REST, HTTP client and FTP client.
 +
# Fixed SSL certificate ValidateCertChain to check certificate start and expiry dates in UTC time instead of local time. 
 +
# The Browser Demo sample using HtmlViewer now correctly supports authentication methods where a site requires a login, and has an improved log window that no longer slows down display of complex pages.
 +
 +
[[ICS_V8.61 | Detailed ICS 8.61 Release Notes]]
 +
 +
Major changes in '''ICS V8.60''' include:
 +
 +
# Added several new components and sample applications created by Magenta Systems Ltd over the past 17 years and previously distributed and installed separately to the ICS distribution.  Bundling them with ICS makes installation and updating easier, and allows existing ICS samples to make use of many the new components, such as UTF-8 file logging. All the components have new names so existing applications using the originally distributed versions will still work, but it's recommended updating existing applications for the new ICS versions. The added components include IP stream logging, SMTP Mail Queue, Time Server and Client, Whois client, blacklisting of malicious IP addresses, file logging functions, file indexing, copying and deleting, FTP indexing, multiple file uploading and downloading, HTTP page parsing and URL downloading.
 +
# In THttpCli, only follow relocation for 3xx response codes, not 201 Created, but keep Location property for 201 which is often response to a POST and may be needed by the application.
 +
# When starting TWSocket Connect, the IP address chosen for DNS lookup is now saved in ASCII as AddrResolvedStr which is useful in connect OK or failed events to see whether an IPV4 or IPv6 address was chosen, and which was used if DNS offered multiple IPs. AddrResolvedStr is exposed as a property in TWSocket, THttpCli, TSslHttpRest and TFFtpClient and reports in failed connection events.  Other clients will be added soon.
 +
# Various samples have been updated to ease testing of IPv6 and to save the diagnostic window activity to a disk log file, OverbyteIcsHttpsTst, OverbyteIcsHttpRestTst, OverbyteIcsTimeTst, OverbyteIcsX509CertsTst.
 +
# Added round robin DNS lookup if DNSLookup returns multiple IP addresses, so they are used in turn after a failure when a component is called repeatedly without being freed.  This is implemented in THttpCli, TSslHttpRest TFFtpClient and TIcsTimeClient.  Other clients will be added soon.  There is a new OnSelectDns event to override round robin lookup and make your own choice. By default, the DNS lookup in ICS components ignores IPv6 addresses and always use the first IPv4 address offered, when there is more than one. This is usually implemented in the OnDnsLookupDone event in the application or high level component.  So if that first address does not respond, the application never tries any other addresses. This has become more of a problem when enabling applications for IPv6, by changing SocketFamily from the default sfIPv4, to sfAny, sfAnyIPv4 (prefer IPv4), sfAnyIPv6 (prefer IPV6) or sfIPv6 (only IPv6), when IPv6 addresses may also be returned as well as IPv4.  Due to routing or firewall issues, IPv4 and IPv6 might not both be available and so connection will fail if that address is chosen first.  Previously it was necessary to restrict SocketFamily so only the working family is attempted. The DNS round robin implementation relies on keeping the last successful connected IP address, so it can be re-used for subsequent connections, but looping through any alternative addresses if the last connection failed, for subsequent connection attempts. Most existing applications use the OnDnsDone event to select the connection IP address so the round robin code is added there. Newer applications making use of TWSocket ComponentOptions wsoAsyncDnsLookup should added code in OnDNSLookupDone and update the DnsResult property which is then used by Connect.
 +
# IcsHosts supports two new TSslSrvSecurity server security levels, sslSrvSecTls12Less and sslSrvSecTls13Only, the former disables TLS1.3 in ICS servers if TLSv1.3 fails (perhaps a bad client implementation) while the second only supports TLSv1.3.
 +
# Up to date C++ packages are included for 10.2 Tokyo and 10.3 Rio. Information on installing ICS for C++ 2007 may be found at: https://en.delphipraxis.net/topic/844-use-ics-with-c-builder-2007/ . Sorry, currently don't believe it's easy to update the ICS source code to avoid the changes needed for C++ 2007.
 +
 +
[[ICS_V8.60 | Detailed ICS 8.60 Release Notes]]
 +
 +
Changes in '''ICS V8.59''' include:
 +
 +
# Now includes OpenSSL 1.1.1a and 1.0.2q binaries.
 +
# Now builds again without USE_SSL define.
 +
# Added AUTO_X509_CERTS define to remove a lot of units if automatic SSL/TLS certificate ordering is not required, saves up to 350KB of code in servers.
  
 
Major changes in '''ICS V8.58''' include:
 
Major changes in '''ICS V8.58''' include:
Line 41: Line 96:
 
Older versions are only here for very old compilers and don't have current SSL support.
 
Older versions are only here for very old compilers and don't have current SSL support.
  
== Latest Stable Version ICS V8.58 - recommended ==
+
== Latest Stable Version ICS V8.63 - recommended ==
  
This is the latest recommended version, which has been tested and used for various published ICS application.  It is updated for new releases of RAD Studio and major changes. V8.58 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket.  Note these versions include the latest version of the OpenSSL DLLs at the time of release.   
+
This is the latest recommended version, which has been tested and used for various published ICS application.  It is updated for new releases of RAD Studio and major changes. V8.63 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket.  Note these versions include the latest version of the OpenSSL DLLs at the time of release.   
  
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
Line 49: Line 104:
 
! Download !! Platforms
 
! Download !! Platforms
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv858.zip ICS-V8.58] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1.  
+
| [http://{{SERVERNAME}}/arch/icsv863.zip ICS-V8.63] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1d.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv863-D103.zip ICS-V8.63] || Delphi 10.3 Rio only. Includes OpenSSL 1.1.1d.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv863-D102.zip ICS-V8.63] || Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1d.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv863-D101.zip ICS-V8.63] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1d.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv862.zip ICS-V8.62] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1c.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv862-D103.zip ICS-V8.62] || Delphi 10.3 Rio only. Includes OpenSSL 1.1.1c.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv862-D102.zip ICS-V8.62] || Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1c.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv862-D101.zip ICS-V8.62] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1c.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv861.zip ICS-V8.61] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1b.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv860.zip ICS-V8.60] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1b.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv859.zip ICS-V8.59] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1a.
 +
|- style="background:#fff;"
 +
| [http://{{SERVERNAME}}/arch/icsv858.zip ICS-V8.58] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv858-D103.zip ICS-V8.58] || Delphi 10.3 Rio only. Includes OpenSSL 1.1.1.
 
| [http://{{SERVERNAME}}/arch/icsv858-D103.zip ICS-V8.58] || Delphi 10.3 Rio only. Includes OpenSSL 1.1.1.
Line 84: Line 161:
 
|}
 
|}
  
From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed.  The same stable ICS versions listed above should be available from GetIt.  Beware GetIt install each new version in a new directory.  GetIt currently installs V8.58.  
+
From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed.  The same stable ICS versions listed above should be available from GetIt.  Beware GetIt install each new version in a new directory.  GetIt currently installs V8.58.
  
 
== Zipped Daily Snapshots ==
 
== Zipped Daily Snapshots ==
Line 140: Line 217:
 
OpenSSL 1.1.0 is a major new version with new DLL file names and many different exports, and requires ICS V8.33 dated 29th August 2016, or later. Generally, applications need not be changed, but there are several new SSL features in V8.33 that should be studied.  Beware the OpenSSL 1.1.0 and later DLLs may not be used with any existing SSL applications until they have been specifically updated to support all the changes. ICS V8.33 to V8.56 include the Win32 and Win64 OpenSSL 1.1.0 files. Support ceases for 1.1.0 in September 2019.  
 
OpenSSL 1.1.0 is a major new version with new DLL file names and many different exports, and requires ICS V8.33 dated 29th August 2016, or later. Generally, applications need not be changed, but there are several new SSL features in V8.33 that should be studied.  Beware the OpenSSL 1.1.0 and later DLLs may not be used with any existing SSL applications until they have been specifically updated to support all the changes. ICS V8.33 to V8.56 include the Win32 and Win64 OpenSSL 1.1.0 files. Support ceases for 1.1.0 in September 2019.  
  
OpenSSL 1.1.1 is the latest long term support version and adds support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types.  Delphi applications require ICS V8.57 or later.  ICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. This version will be supported until 2023.  
+
OpenSSL 1.1.1 is the latest long term support version and adds support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types.  Delphi applications require ICS V8.57 or later.  ICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. This version will be supported until 2023. OpenSSL 1.1.1 only supports Windows Vista and later, not XP.
 +
 
 +
The next major version of OpenSSL will be 3.0.0 due for release in 2020, with a FIPS module. No major ICS changes will be needed to support 3.0.0. 
  
 
Firefox version 63 and Chrome 71 both support TLSv1.3 final RFC8446, note Chrome has settings for older beta versions that must be disabled.
 
Firefox version 63 and Chrome 71 both support TLSv1.3 final RFC8446, note Chrome has settings for older beta versions that must be disabled.
  
The OpenSSL DLLs and EXE files included in the latest zips below are digitally code signed 'Open Source Developer, François PIETTE', the lead developer for ICS.  ICS V8.38 and later check the DLLs are correctly signed when opening them.  
+
The OpenSSL DLLs and EXE files included in the latest zips below are digitally code signed 'Open Source Developer, François PIETTE', the lead developer for ICS.  ICS V8.38 and later check the DLLs are correctly signed when opening them. Beware that Windows needs recent root certificates to check newly signed code, and may give an error if the root store has not been kept current by Windows Update, particularly on older versions of Windows such as XP, Vista and 7.   
 
   
 
   
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
Line 150: Line 229:
 
! Date !! Download !! Description !! Comments
 
! Date !! Download !! Description !! Comments
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.1a-win64.zip OpenSSL Binaries Win-64 1.1.1a requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed.
+
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.1d-win64.zip OpenSSL Binaries Win-64 1.1.1d requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 +
|- style="background:#fff;"
 +
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.1d-win32.zip OpenSSL Binaries Win-32 1.1.1d requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 +
|- style="background:#fff;"
 +
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.0l-win64.zip OpenSSL Binaries Win-64 v1.1.0l requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.
 +
|- style="background:#fff;"
 +
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.0l-win32.zip OpenSSL Binaries Win-32 v1.1.0l requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed. 
 +
|- style="background:#fff;"
 +
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.0.2t-win64.zip OpenSSL Binaries Win-64 v1.0.2t, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
 +
|- style="background:#fff;"
 +
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.0.2t-win32.zip OpenSSL Binaries Win-32 v1.0.2t, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed. 
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.1a-win32.zip OpenSSL Binaries Win-32 1.1.1a requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed.  
+
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.1c-win64.zip OpenSSL Binaries Win-64 1.1.1c requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.0j-win64.zip OpenSSL Binaries Win-64 v1.1.0j requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.1c-win32.zip OpenSSL Binaries Win-32 1.1.1c requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.0j-win32.zip OpenSSL Binaries Win-32 v1.1.0j requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.0k-win64.zip OpenSSL Binaries Win-64 v1.1.0k requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.0.2q-win64.zip OpenSSL Binaries Win-64 v1.0.2q, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.0k-win32.zip OpenSSL Binaries Win-32 v1.1.0k requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.0.2q-win32.zip OpenSSL Binaries Win-32 v1.0.2q, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.0.2s-win64.zip OpenSSL Binaries Win-64 v1.0.2s, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-09-11 || [http://{{SERVERNAME}}/arch/openssl-1.1.1-win64.zip OpenSSL Binaries Win-64 1.1.1 requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed.
+
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.0.2s-win32.zip OpenSSL Binaries Win-32 v1.0.2s, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-09-11 || [http://{{SERVERNAME}}/arch/openssl-1.1.1-win32.zip OpenSSL Binaries Win-32 1.1.1 requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed.  
+
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.1.1b-win64.zip OpenSSL Binaries Win-64 1.1.1b requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.1.0i-win64.zip OpenSSL Binaries Win-64 v1.1.0i requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.1.1b-win32.zip OpenSSL Binaries Win-32 1.1.1b requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.1.0i-win32.zip OpenSSL Binaries Win-32 v1.1.0i requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.0.2r-win64.zip OpenSSL Binaries Win-64 v1.0.2r, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.0.2p-win64.zip OpenSSL Binaries Win-64 v1.0.2p, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.0.2r-win32.zip OpenSSL Binaries Win-32 v1.0.2r, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.0.2p-win32.zip OpenSSL Binaries Win-32 v1.0.2p, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.1a-win64.zip OpenSSL Binaries Win-64 1.1.1a requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-03-27 || [http://{{SERVERNAME}}/arch/openssl-1.1.0h-win64.zip OpenSSL Binaries Win-64 v1.1.0h requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.1a-win32.zip OpenSSL Binaries Win-32 1.1.1a requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-03-27 || [http://{{SERVERNAME}}/arch/openssl-1.1.0h-win32.zip OpenSSL Binaries Win-32 v1.1.0h requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.0j-win64.zip OpenSSL Binaries Win-64 v1.1.0j requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-03-27 || [http://{{SERVERNAME}}/arch/openssl-1.0.2o-win64.zip OpenSSL Binaries Win-64 v1.0.2o, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.0j-win32.zip OpenSSL Binaries Win-32 v1.1.0j requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-03-27 || [http://{{SERVERNAME}}/arch/openssl-1.0.2o-win32.zip OpenSSL Binaries Win-32 v1.0.2o, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.0.2q-win64.zip OpenSSL Binaries Win-64 v1.0.2q, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-11-03 || [http://{{SERVERNAME}}/arch/openssl-1.1.0g-win64.zip OpenSSL Binaries Win-64 v1.1.0g requires ICS V8.32 or later] || Built with Visual Studio Community 2015 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.0.2q-win32.zip OpenSSL Binaries Win-32 v1.0.2q, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-11-03 || [http://{{SERVERNAME}}/arch/openssl-1.1.0g-win32.zip OpenSSL Binaries Win-32 v1.1.0g requires ICS V8.32 or later] || Built with Visual Studio Community 2015 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2018-09-11 || [http://{{SERVERNAME}}/arch/openssl-1.1.1-win64.zip OpenSSL Binaries Win-64 1.1.1 requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-12-07 || [http://{{SERVERNAME}}/arch/openssl-1.0.2n-win64.zip OpenSSL Binaries Win-64 v1.0.2n no SSLv2, requires ICS V8.24 or later] || Built with Visual Studio Community 2015 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2018-09-11 || [http://{{SERVERNAME}}/arch/openssl-1.1.1-win32.zip OpenSSL Binaries Win-32 1.1.1 requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-12-07 || [http://{{SERVERNAME}}/arch/openssl-1.0.2n-win32.zip OpenSSL Binaries Win-32 v1.0.2n no SSLv2, requires ICS V8.24 or later] || Built with Visual Studio Community 2015 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.1.0i-win64.zip OpenSSL Binaries Win-64 v1.1.0i requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-11-03 || [http://{{SERVERNAME}}/arch/openssl-1.0.2m-fips-win32.zip OpenSSL Binaries Win-32 v1.0.2m-fips no SSLv2, requires ICS V8.51 or later] || Built with Visual Studio Community 2015, requires Visual C++ Redistributable for Visual Studio 2015 installed || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.  This version may be used for testing OpenSSL FIPS 140-2  functionality, but the DLLs will not pass FIPS approval processes.
+
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.1.0i-win32.zip OpenSSL Binaries Win-32 v1.1.0i requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.   
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-11-03 || [http://{{SERVERNAME}}/arch/openssl-1.0.2m-win64.zip OpenSSL Binaries Win-64 v1.0.2m no SSLv2, requires ICS V8.24 or later] || Built with Visual Studio Community 2015 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.0.2p-win64.zip OpenSSL Binaries Win-64 v1.0.2p, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2017-11-03 || [http://{{SERVERNAME}}/arch/openssl-1.0.2m-win32.zip OpenSSL Binaries Win-32 v1.0.2m no SSLv2, requires ICS V8.24 or later] || Built with Visual Studio Community 2015 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.   
+
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.0.2p-win32.zip OpenSSL Binaries Win-32 v1.0.2p, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.   
 
 
 
|}
 
|}
  
Line 212: Line 300:
 
! Download  
 
! Download  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/FrameBrowserIcs.zip Executable Browser Demo]  
+
| [http://{{SERVERNAME}}/arch/FrameBrowserIcs.zip Executable Browser Demo - last update V8.61]  
 
|}
 
|}
  

Revision as of 16:40, 20 November 2019

ICS is available as source code only. You need Delphi to build the sample programs and create your own application. You will also need OpenSSL libraries if using SSL-enabled components.

ICS versions available:

  • ICS-V8 for Delphi 7 / C++ Builder 2006 to Delphi XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio / C++ Builder XE3, 10.2 Tokyo and 10.3 Rio with FireMonkey cross platform support for POSIX/MacOS, also IPv6 support (main development tree, 32 and 64-bit).
  • ICS-V7 for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (stable release, no new development, please upgrade to V8).
  • ICS-V6 for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V7 if you do not have to support Windows versions < W2K).
  • ICS-V5 for Delphi / BCB 1 to Delphi / C++ Builder 2007 and Delphi .NET (discontinued, important bug fixes may still be backported from ICS-V7). SSL option requires at least Delphi 7 or C++ Builder 2006.

ICS News

Major Changes in ICS V8.63 include:

  1. IcsHosts is now supported in all the main ICS server components, TWSocketServer, TSslHttpServer, TSslHttpAppSrv, TIcsProxy, TIcsHttpProxy, TIcsIpStrmLog and TSslFtpServer. This simplifies server applications which do not need to setup an SSL context, can easily support multiple listeners and hosts, and can automatically order and install SSL/TLS certificates from Let's Encrypt and commercial suppliers. # There are several changes relating to automatic certificate ordering, mostly cosmetic based on experience adding the feature into more applications with a few issues fixed during testing with better logging.
  2. Made improvements to handle the OAuth2 version used by Google Accounts, allowing the REST component to access Google APIs such as Gmail.
  3. Did a major refresh of the three SSL/TLS trusted root certificate bundles included with ICS, to add new roots from Amazon and others, and remove untrusted certificates.
  4. There are improvements in TFtpCli to access FTP servers behind NAT routers where the internal and external IP addresses are different and not correctly handled by the FTP server.
  5. The TSslFtpServer component now uses the IcsHosts concept added to the web and proxy servers two years ago, see above. There is a new IcsHosts property which allows multiple hosts to be specified. Also fixed ftpsNoPasvIpAddrInLan and ftpsNoPasvIpAddrSameSubnet options to work correctly to present local passive IP address on LANs.
  6. The TIcsIpStrmLog component will now start despite non-fatal SSL/TLS certificate warnings, and may be used with self signed certificates. The OverbyteIcsIpStmLogTst sample shows how to restart the TCP server after the first SSL/TLS certificate is automatically installed.

Detailed ICS 8.63 Release Notes

Major Changes in ICS V8.62 include:

  1. The HTTP client has new properties. There is a new THttpAuthType of httpAuthJWT which uses the AuthBearerToken property for Json Web Token authentication. A new ProxyURL property combines four proxy properties as a URL for simplicity, ie http://[user[:password]@]host:port. The new AlpnProtocols property is a request list sent when an SSL connection starts, once connected GetAlpnProtocol returns which protocol the server wants to uses.
  2. Various improvements for automatic X509 SSL certificate ordering to support final ACME RFC8555. AcmeV2 now supports POST-as-GET, GET alone being removed later in 2019. Added Proxy URL support, might be needed for servers behind NAT firewalls for public access. Added support tls-alpn-01 challenge for local web server on 443, but not working yet.
  3. SocketServer now uses a separate local web server for servers not using ports 80 or 443 such as FTP, SMTP, proxies, etc, When ordering X509 SSL certificate using ChallFileSrv challenge.
  4. TWsocket now raises a background exception for user exceptions in the OnDataAvailable event rather than silently ignoring them. If IcsLogger is being used, HandleBackGroundException now logs exceptions and their source to make them easier to find.
  5. In the TSslHttpRest component, TRestParams can add Json parameters as PContJson which means arrays and nested Json can be added. Added a new SslAllowSelfSign property to connect OK to sites with self signed SSL certificates which would normally fail validation.
  6. TSimpleWebSrv now supports SSL, with certificate bundle and host name, and supports the SSL ALPN extension for automatic X509 SSL certificate ordering.
  7. The new TIcsSms component adds support for SMS Works bureau at https://thesmsworks.co.uk/ to send SMS messages, cheaper than Kapow, and allows sender ID to be freely changed.
  8. Updated all .dproj files for all samples to add the ICS source folder to the search path of each project.
  9. Added Time Zone support for date string conversions, to UTC time with a time zone, and back to local time using a time zone, primarily for SMTP email headers which otherwise show UTC time.
  10. TIcsIpStrmLog using TCP server now uses the root bundle correctly and reports the certificate chain and bindings. Ensure all listeners started for TCP Server, if more than one.

Detailed ICS 8.62 Release Notes

Major Changes in ICS V8.61 include:

  1. Added two new components using the new HTTPS REST component, which are both useful and illustrate how simply they can created, TIcsSms and TDnsQueryHttps, both in the OverbyteIcsSslHttpRest.pas unit with demos in OverbyteIcsHttpRestTst.
  2. The new TIcsSms component sends SMS text messages via an HTTP bureau, you will need an account. Initially supporting https://www.kapow.co.uk/.
  3. The new TDnsQueryHttps component makes DNS queries over HTTPS (DOH), to ensure integrity and privacy from interception by ISPs or proxies. The original TDnsQuery component has also been updated to support all the common queries and return them in using a single AnswerRecord array.
  4. Improved HTTP client and server NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified in code.
  5. Various improvements in the HTTPS REST, HTTP client and FTP client.
  6. Fixed SSL certificate ValidateCertChain to check certificate start and expiry dates in UTC time instead of local time.
  7. The Browser Demo sample using HtmlViewer now correctly supports authentication methods where a site requires a login, and has an improved log window that no longer slows down display of complex pages.

Detailed ICS 8.61 Release Notes

Major changes in ICS V8.60 include:

  1. Added several new components and sample applications created by Magenta Systems Ltd over the past 17 years and previously distributed and installed separately to the ICS distribution. Bundling them with ICS makes installation and updating easier, and allows existing ICS samples to make use of many the new components, such as UTF-8 file logging. All the components have new names so existing applications using the originally distributed versions will still work, but it's recommended updating existing applications for the new ICS versions. The added components include IP stream logging, SMTP Mail Queue, Time Server and Client, Whois client, blacklisting of malicious IP addresses, file logging functions, file indexing, copying and deleting, FTP indexing, multiple file uploading and downloading, HTTP page parsing and URL downloading.
  2. In THttpCli, only follow relocation for 3xx response codes, not 201 Created, but keep Location property for 201 which is often response to a POST and may be needed by the application.
  3. When starting TWSocket Connect, the IP address chosen for DNS lookup is now saved in ASCII as AddrResolvedStr which is useful in connect OK or failed events to see whether an IPV4 or IPv6 address was chosen, and which was used if DNS offered multiple IPs. AddrResolvedStr is exposed as a property in TWSocket, THttpCli, TSslHttpRest and TFFtpClient and reports in failed connection events. Other clients will be added soon.
  4. Various samples have been updated to ease testing of IPv6 and to save the diagnostic window activity to a disk log file, OverbyteIcsHttpsTst, OverbyteIcsHttpRestTst, OverbyteIcsTimeTst, OverbyteIcsX509CertsTst.
  5. Added round robin DNS lookup if DNSLookup returns multiple IP addresses, so they are used in turn after a failure when a component is called repeatedly without being freed. This is implemented in THttpCli, TSslHttpRest TFFtpClient and TIcsTimeClient. Other clients will be added soon. There is a new OnSelectDns event to override round robin lookup and make your own choice. By default, the DNS lookup in ICS components ignores IPv6 addresses and always use the first IPv4 address offered, when there is more than one. This is usually implemented in the OnDnsLookupDone event in the application or high level component. So if that first address does not respond, the application never tries any other addresses. This has become more of a problem when enabling applications for IPv6, by changing SocketFamily from the default sfIPv4, to sfAny, sfAnyIPv4 (prefer IPv4), sfAnyIPv6 (prefer IPV6) or sfIPv6 (only IPv6), when IPv6 addresses may also be returned as well as IPv4. Due to routing or firewall issues, IPv4 and IPv6 might not both be available and so connection will fail if that address is chosen first. Previously it was necessary to restrict SocketFamily so only the working family is attempted. The DNS round robin implementation relies on keeping the last successful connected IP address, so it can be re-used for subsequent connections, but looping through any alternative addresses if the last connection failed, for subsequent connection attempts. Most existing applications use the OnDnsDone event to select the connection IP address so the round robin code is added there. Newer applications making use of TWSocket ComponentOptions wsoAsyncDnsLookup should added code in OnDNSLookupDone and update the DnsResult property which is then used by Connect.
  6. IcsHosts supports two new TSslSrvSecurity server security levels, sslSrvSecTls12Less and sslSrvSecTls13Only, the former disables TLS1.3 in ICS servers if TLSv1.3 fails (perhaps a bad client implementation) while the second only supports TLSv1.3.
  7. Up to date C++ packages are included for 10.2 Tokyo and 10.3 Rio. Information on installing ICS for C++ 2007 may be found at: https://en.delphipraxis.net/topic/844-use-ics-with-c-builder-2007/ . Sorry, currently don't believe it's easy to update the ICS source code to avoid the changes needed for C++ 2007.

Detailed ICS 8.60 Release Notes

Changes in ICS V8.59 include:

  1. Now includes OpenSSL 1.1.1a and 1.0.2q binaries.
  2. Now builds again without USE_SSL define.
  3. Added AUTO_X509_CERTS define to remove a lot of units if automatic SSL/TLS certificate ordering is not required, saves up to 350KB of code in servers.

Major changes in ICS V8.58 include:

  1. Support for OpenSSL 1.1.1 with TLSv1.3, new cryptographic algorithms and ciphers. OpenSSL 1.1.0 and 1.0.2 also supported.
  2. A new client TSslHttpRest component with Json support for all compilers and integrating cookie, SSL/TLS, content decoding, content compression and logging. There are many THttpCli improvements.
  3. A new TRestOAuth component for OAuth2 authentication including an integrated local web server.
  4. JOSE (Json Object Signing and Encryption) components supporting JWT, JWS and JWK.
  5. Simplified client SSL/TLS security and protocol settings. Support for SSL ALPN extension.
  6. A new TSslX509Certs component allowing ICS servers to automatically order, download and install SSL/TLS certificates from various suppliers, including free certificates from Let's Encrypt, and commercial certificates for DigiCert, Comodo, Thawte and GeoTrust from CertCentre AG. It also acts as a private CA to issue local certificates.

Detailed ICS 8.58 Release Notes

Major changes in ICS V8.50 include:

  1. Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
  2. Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
  3. Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
  4. ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM. The server certificate chain can be validated and reported before the server starts.
  5. SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
  6. HTML content code page detection and character set conversion to Delphi unicode strings, including converting entities (like ☍).

Detailed ICS 8.50 Release Notes

Overbyte Website

There are four options to obtain the source code.

Download from Overbyte web site

ICS-V8 is the main development version and needed for RAD Studio XE4 and later. Older versions are only here for very old compilers and don't have current SSL support.

Latest Stable Version ICS V8.63 - recommended

This is the latest recommended version, which has been tested and used for various published ICS application. It is updated for new releases of RAD Studio and major changes. V8.63 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket. Note these versions include the latest version of the OpenSSL DLLs at the time of release.

Download Platforms
ICS-V8.63 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1d.
ICS-V8.63 Delphi 10.3 Rio only. Includes OpenSSL 1.1.1d.
ICS-V8.63 Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1d.
ICS-V8.63 Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1d.
ICS-V8.62 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1c.
ICS-V8.62 Delphi 10.3 Rio only. Includes OpenSSL 1.1.1c.
ICS-V8.62 Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1c.
ICS-V8.62 Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1c.
ICS-V8.61 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1b.
ICS-V8.60 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1b.
ICS-V8.59 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1a.
ICS-V8.58 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1.
ICS-V8.58 Delphi 10.3 Rio only. Includes OpenSSL 1.1.1.
ICS-V8.58 Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1.
ICS-V8.58 Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1.
ICS-V8.53 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin and 10.2 Tokyo, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.0h.
ICS-V8.50 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin and 10.2 Tokyo, C++ Builder 2006 to XE3. Includes OpenSSL 1.1.0f.
ICS-V8.50 Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.0f.
ICS-V8.50 Delphi 10.1 Berlin only. Includes OpenSSL 1.1.0f.
ICS-V8.44 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin and 10.2 Tokyo, C++ Builder 2006 to XE3. Includes OpenSSL 1.1.0e.
ICS-V8.44 Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.0e.
ICS-V8.44 Delphi 10.1 Berlin only. Includes OpenSSL 1.1.0e.
ICS-V8.44 Delphi 10 Seattle only. Includes OpenSSL 1.1.0e.
ICS-V8.34 Delphi 7 to XE8, 10 Seattle and 10.1 Berlin, C++ Builder 2006 to XE3. Includes OpenSSL 1.1.0b.
ICS-V8.34 Delphi 10.1 Berlin only. Includes OpenSSL 1.1.0b.
ICS-V8.34 Delphi 10 Seattle only. Includes OpenSSL 1.1.0b.
ICS-V8.26 Delphi 7 to XE8, 10 Seattle and 10.1 berlin, C++ Builder 2006 to XE3. Earliest version to support OpenSSL 1.0.2g and later.
ICS-V8.23 Delphi 7 to XE8 and 10 Seattle, C++ Builder 2006 to XE3

From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed. The same stable ICS versions listed above should be available from GetIt. Beware GetIt install each new version in a new directory. GetIt currently installs V8.58.

Zipped Daily Snapshots

This is the easiest way to get the latest version. These packages are built from the version control repositories automatically when they change and are refreshed once a day. To use the latest OpenSSL version, download this snapshot. Note the snapshot includes the latest version of the OpenSSL DLLs.

Download Changes log
ICS-V8 Snapshot View

Archives

Download Changes log
ICS-V7 Archive View
ICS-V6 Archive View
ICS-V5 Archive View

Version Control System

Using the version control repository is the best choice if you want to get live access to current development files. Overbyte uses a Subversion server and you need to use a Subversion client such as TortoiseSVN or your favorite browser. The URLs are as follows:

ICS Version SVN URL HTTP URL
ICS-V8 svn://svn.overbyte.be/ics/trunk http://svn.overbyte.be:8443/svn/ics/trunk
ICS-V7 svn://svn.overbyte.be/ics/tags/icsv7 http://svn.overbyte.be:8443/svn/ics/tags/icsv7
ICS-V6 svn://svn.overbyte.be/ics/tags/v6_obsolete http://svn.overbyte.be:8443/svn/ics/tags/v6_obsolete
ICS-V5 svn://svn.overbyte.be/icsv5 http://svn.overbyte.be:8443/svn/icsv5

Use username = ics and password = ics for read access. Write access is only available to TeamICS.

Download OpenSSL Binaries (required for SSL-enabled components)

Please note older versions of the ICS source code had an internal check to only allow loading of the latest OpenSSL it was tested with, so you could not use new DLLs with an old application without recompiling with the latest version of ICS first. But ICS V8.16 on 25th March 2015 relaxed this check so that minor versions with a letter suffix that don't add new features or break anything (in theory) are now supported. This worked for about a year, but OpenSSL 1.0.2g and 1.0.1s, and later, no longer support SSLv2 which means old versions of ICS can no longer load them, so V8.24 dated 3rd March 2016 or later is now needed for these current and newer OpenSSL releases. ICS V8.24 and later will currently support up to 1.0.2z, and V8.33 and later up to 1.1.0z. Also note ICS V8 no longer supports 1.0.1 and earlier.

OpenSSL removed support for the obsolete SSLv2 protocol in 2016 from 1.0.1s and 1.0.2g and ICS V8.35 finally removed SSLv2 support even with older OpenSSL releases.

OpenSSL 1.0.2 and later are only supported by ICS v8, v7 is no longer updated for new OpenSSL versions. The 64-bit DLLs are only for use with Delphi applications compiled for the 64-bit platform, the 32-bit DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. Note that ICS V8.24 dated 3rd March 2016 and later included the latest OpenSSL 1.0.2 Win32 files to avoid a separate download. This was a long term support version for which support ceases at the end of 2019.

OpenSSL 1.1.0 is a major new version with new DLL file names and many different exports, and requires ICS V8.33 dated 29th August 2016, or later. Generally, applications need not be changed, but there are several new SSL features in V8.33 that should be studied. Beware the OpenSSL 1.1.0 and later DLLs may not be used with any existing SSL applications until they have been specifically updated to support all the changes. ICS V8.33 to V8.56 include the Win32 and Win64 OpenSSL 1.1.0 files. Support ceases for 1.1.0 in September 2019.

OpenSSL 1.1.1 is the latest long term support version and adds support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types. Delphi applications require ICS V8.57 or later. ICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. This version will be supported until 2023. OpenSSL 1.1.1 only supports Windows Vista and later, not XP.

The next major version of OpenSSL will be 3.0.0 due for release in 2020, with a FIPS module. No major ICS changes will be needed to support 3.0.0.

Firefox version 63 and Chrome 71 both support TLSv1.3 final RFC8446, note Chrome has settings for older beta versions that must be disabled.

The OpenSSL DLLs and EXE files included in the latest zips below are digitally code signed 'Open Source Developer, François PIETTE', the lead developer for ICS. ICS V8.38 and later check the DLLs are correctly signed when opening them. Beware that Windows needs recent root certificates to check newly signed code, and may give an error if the root store has not been kept current by Windows Update, particularly on older versions of Windows such as XP, Vista and 7.

Date Download Description Comments
2019-09-12 OpenSSL Binaries Win-64 1.1.1d requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2019-09-12 OpenSSL Binaries Win-32 1.1.1d requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2019-09-12 OpenSSL Binaries Win-64 v1.1.0l requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 For 64-bit applications only (XE2+). Digitally code signed.
2019-09-12 OpenSSL Binaries Win-32 v1.1.0l requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2019-09-12 OpenSSL Binaries Win-64 v1.0.2t, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
2019-09-12 OpenSSL Binaries Win-32 v1.0.2t, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2019-05-28 OpenSSL Binaries Win-64 1.1.1c requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2019-05-28 OpenSSL Binaries Win-32 1.1.1c requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2019-05-28 OpenSSL Binaries Win-64 v1.1.0k requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 For 64-bit applications only (XE2+). Digitally code signed.
2019-05-28 OpenSSL Binaries Win-32 v1.1.0k requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2019-05-28 OpenSSL Binaries Win-64 v1.0.2s, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
2019-05-28 OpenSSL Binaries Win-32 v1.0.2s, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2019-02-27 OpenSSL Binaries Win-64 1.1.1b requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2019-02-27 OpenSSL Binaries Win-32 1.1.1b requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2019-02-27 OpenSSL Binaries Win-64 v1.0.2r, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
2019-02-27 OpenSSL Binaries Win-32 v1.0.2r, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2018-11-20 OpenSSL Binaries Win-64 1.1.1a requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2018-11-20 OpenSSL Binaries Win-32 1.1.1a requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2018-11-20 OpenSSL Binaries Win-64 v1.1.0j requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 For 64-bit applications only (XE2+). Digitally code signed.
2018-11-20 OpenSSL Binaries Win-32 v1.1.0j requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2018-11-20 OpenSSL Binaries Win-64 v1.0.2q, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
2018-11-20 OpenSSL Binaries Win-32 v1.0.2q, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2018-09-11 OpenSSL Binaries Win-64 1.1.1 requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2018-09-11 OpenSSL Binaries Win-32 1.1.1 requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2018-08-14 OpenSSL Binaries Win-64 v1.1.0i requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 For 64-bit applications only (XE2+). Digitally code signed.
2018-08-14 OpenSSL Binaries Win-32 v1.1.0i requires ICS V8.32 or later Built with Visual Studio Build Tools 2017 Use with 32-bit applications on Windows 64-bit. Digitally code signed.
2018-08-14 OpenSSL Binaries Win-64 v1.0.2p, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
2018-08-14 OpenSSL Binaries Win-32 v1.0.2p, requires ICS V8.24 or later Built with Visual Studio Build Tools 2017 Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.

Download OpenSSL Binaries (alternative)

OpenSSL website also links to Win32OpenSSL website providing another build of Win32 DLL binaries. Note note that unlike the builds above builds on that site may have dependencies on Visual C++ 2008 Redistributables (to keep dll files smaller) so make sure you include all the required (and correct) redistributable files in your software installation. You probably don't have to care about that if you use binaries above at the cost of slightly larger DLLs. Also note that site does not keep archives of older versions so you may want to watch their page if you prefer their binaries.

Browser Demo Application using HtmlViewer

This is an example internet browser using the HtmlViewer component from GitHub (11.8).

The browser demo is in the ICS nightly zip, in the folder samples\delphi\browserdemo, the project is FrameBrowserIcs.dpr. An executable version of the new demo may also be downloaded from here, built with HtmlViewer 11.8 and ICS V8.59, using Delphi 10.2 Tokyo. Beware HtmlViewer 11.8 only appears to support up to Delphi 10 Seattle, I took paackages and files from master to build in 10.2 Tokyo.

Download
Executable Browser Demo - last update V8.61

The HtmlViewer component must be downloaded and installed before the demo can be built. The demo is based on FrameBrowserIndy project but with various enhancements, specifically display of all HTTP, SSL and some or all HTML traffic which makes it very useful for debugging the THttpCli component.

The Options, Settings window allow the SSL security level to be adjusted to various TLS and cipher variations, which can be useful testing web sites that ICS has difficulty accessing.

The project is a good basic browser for HTML4, but does not support any scripting, so some sites without backward compatibility may appear strange.