ICS Download

From Overbyte
Revision as of 19:39, 27 May 2022 by Magsys (talk | contribs) (→‎Latest Stable Version ICS V8.68 - recommended)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

ICS is available as source code only. You need Delphi to build the sample programs and create your own application. You will also need OpenSSL libraries if using SSL-enabled components.

ICS versions available:

  • ICS-V8 for Delphi 7 / C++ Builder 2006 to Delphi XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0 / C++ Builder XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0 with FireMonkey cross platform support for POSIX/MacOS, also IPv6 support (main development tree, 32 and 64-bit).
  • ICS-V7 for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (stable release, no new development, please upgrade to V8).
  • ICS-V6 for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V7 if you do not have to support Windows versions < W2K).
  • ICS-V5 for Delphi / BCB 1 to Delphi / C++ Builder 2007 and Delphi .NET (discontinued, important bug fixes may still be backported from ICS-V7). SSL option requires at least Delphi 7 or C++ Builder 2006.

ICS News

Major Changes in ICS V8.69 include:

  1. Major Changes in ICS V8.69 include:
  2. V8.69 has a lot of minor improvements, more HTTP client and server features, better built-in authentication, and added built in file uploading to the REST client component. Also continuing improving all the HTTP samples so they now hopefully test all the features of the ICS HTTP server, specifically adding POST and PUT file uploading, and a new client login window for interactive authentication with servers. Also added OCSP (Online Certificate Status Protocol) to ICS, which is used to check SSL/TLS certificates are legitimately issued and not revoked.
  3. In the HTTP client, added new methods RequestAsync and RequestSync which start a specified request by parameter, useful to repeat the last request from an event (such as should be trust the certificate and repeat). When using a proxy, make sure Path is not blank which will break proxies, change to / as for non-proxy requests. GetRequestDoneErrorStr now handles TWsocket errors. Fixed NTLM authentication which got broken in V8.61. Added a new THttpAuthType of httpAuthDigest2 for Digest with the modern SHA-256 algorithm instead of MD5 used by httpAuthDigest, only with USE_SSL. Added new property WWWAuthInfos array filled after 401/407 failure by parsing AuthorizationRequest headers for AuthType and Realm that may be presented to select an authentication option, get login and repeat request. Remove # fragment anchor rom the URL unless the new Option httpoAllowAnchor is set.
  4. In the HTTP REST client, added built in file uploading using POST or PUT. The file name is specified in HttpUploadFile using type HttpUploadStrat ofHttpUploadSimple with parameters in the URL or HttpUploadMIME for multipart with parameters in the first MIME part. Note the applications needs to supply parameters like FileName so the server knows what to do with the file. This may be tested against the ICS web server samples. Upon request completion, ReasonPhrase now also has status, so OK becomes 200 OK, etc. Previously the SslRevocation property was only effective when checking the windows certificate store, now it also works with bundle files using the new TOcspHttp component and OCSP stapling if available.
  5. In the HTTP server component, now converting FLastModified to UTC/GMT time for the response header. Added new authentication type atDigestSha2 with a SHA256 hash instead of MD5 with atDigest only supported with USE_SSL. Note: Mozilla Firefox supports Digest SHA-256, Chrome and Edge do not. Added a new client connection OnHttpRespHdr event to allow response headers to be logged, previously only request headers could be logged. Cleaned up AnswerStream functions so separate lines don't go into send buffer. Added OcspSrvStapling property which should be set to enables OCSP checks and stapling only with AUTO_X509_CERTS define since it adds extra HTTP client code. A revoked certificate will be auto ordered.
  6. In TWSocket, added new method SendTB(const Data: TBytes; Len: Integer=-1) where Len is optional, also similar SendToTB and SendToTB6 with TBytes, as an alternative to casting such types to use Send(). Restored the TlsExtension_cb callback for client debugging since ClientHelloCallback only works with servers.
  7. In TSslWSocketServer added OCSP (Online Certificate Status Protocol) support with IcsHosts using the TOcspHttp component to confirm server SSL/TLS certificates are legitimate and not revoked for security reasons. The certificate OCSP response is also stapled to the initial SSL/TLS HELO handshake and sent to the client to avoid it needing to lookup OCSP using HTTP itself. OCSP responses are cached and saved to a file for reloading later, but are refreshed every time the certificate is validated, at least once a day. The new server property OcspSrvStapling enables OCSP checks and stapling only with AUTO_X509_CERTS define since it adds extra HTTP client code. A revoked certificate will be auto ordered. OCSP checking is done in LoadOneCert and the stapled response sent in TriggerSslServerName when checking SNI. The same OCSP support is available in all ICS servers that use IcsHosts, including FTP, HTTP and TIcsIpStrmLog.
  8. All three main HTTP SSL client sample applications FrameBrowserIcs, OverbyteIcsHttpsTst and OverbyteIcsHttpRestTst now support interactive authentication with a new Login window that displays the different methods the server will accept (from the new property WWWAuthInfos array) allowing one to be selected from Basic, Digest MD5, Digest SHA256 and NTLM logins. This window is displayed after an 401 error and the request then repeated.
  9. The OverbyteIcsHttpsTst SSL sample now has all the missing features from the non-SSL samples, Content Encoding Gzip tick box to support compression, persistent cookie support, POST/PUT support to either send simple data or upload files in various ways (from OverbyteIcsHttpPost1 sample), may be tested against the ICS web server samples.
  10. The OverbyteIcsDDWebService SSL web server sample now builds on unicode compilers. Added authentication for POST requests and new 'Password protected page (POST)' button on the demo menu to test authentication using POST. Fixed web logging to log correct multiple listener. Builds on unicode compilers. Added Digest SHA-256 authentication page DemoDigest2Auth.html and DemoDigestsAll.html that does both digests. DemoAuthAll.html no longer does NTLM, use the separate page. Now displays server response headers if box ticked, only displayed request headers before. File Upload Form and Email Form pages now work without exceptions. The OverbyteIcsSslMultiWebServ SSL web sample has similar new authentication features and logging fixes.
  11. Updated OpenSSL to 3.0.3 and ZLIB (HTTP compression) to 1.2.12, sorry for long delay in updating zlib, now including some important bug fixes, although never saw any issues with the minimal use ICS makes of it. Updated the various ICS CA Trusted Stores.
  12. The OverbyteIcsPemtool SSL sample now does OCSP checks when examining certificate files. There is also a new Test Host Certificates tab that tests SSL/TLS handshake and certificates (using TIcsIpStrmLog) for a list of host names and ports, building a list of host and intermediate certificates that may be further checked and saved as files or added to an intermediate bundle. This new tester should prove useful for debugging sites that return SSL or certificate errors.

More detailed release notes are at ICS 8.69 Release Notes

Major Changes in ICS V8.68 include:

  1. V8.68 is a minor release, mainly HTTP client and server improvements including new request and response headers to assist browser caching and conditional requests, improved error reporting to help diagnose failed HTTP requests, and improvements in the HTTP REST component allowing it to save files including resuming failed downloads and download files of any size. There are minor fixes in various components, and updates to installing on MacOS and C++ Builder. There is also a new File Clean-Up demo ideal for deleting the old log files that many applications (including some ICS samples) leave on systems.
  2. The HTTP client TSslHttpCli now keeps the Etag response header as ResponseEtag, allowing applications to save it with the page content, and when requesting a refresh to add the request method ReqIfNoneMatch or ReqIfMatch to avoid downloading the page again. Improved RequestDoneError to give more information than a simple abort, added httperrOutOfMemory and httperrBgException which happen while receiving and processing data in the OnDocData event and httperrSslHandShake. For range downloads, added the ContentIfRange request header which can send an RFC1123 date or Etag so a partial download only happens if the file is unchanged.
  3. Previously, the HTTPS REST client TSslHttpRest always downloaded content to a TMemoryStream with content size being limited to MaxBodySize (default 100 MByte), and generally restricted by memory to less than 250 MByte. To remove this limitation, added the HttpMemStrategy property with THttpMemStrategy on how to handle downloads: HttpStratMem only TMemoryStream; HttpStratTemp uses a work file in the system temporary directory for sizes larger than MaxBodySize; HttpStratFile always writes a named file HttpDownFileName (with .part extension during download); HttpStratResume is similar to HttpStratFile but supports resume of failed partial downloads (with .http extension for resume information). Property ResumeMinSize defines the minimum sized partial file that should be resumed, rather than start again (default 64K). Added ShowProgress property that causes download information to be sent to the OnHttpRestProg event.
  4. The HTTP server TSslHttpServer now supports the If-Range, If-Match and If-None-Match request headers for conditional pages using Etag or last modified date, and sends 304 not modified for matches, to help with caching. Added an ETag header to responses in AnswerStream and AnswerPage when we can create one from a file modification date and size (base64 CRC32), or if the EntityTag property is specified in the client onGetDocument event before using hgSendDoc or hgSendStream, perhaps a CRC32 of the entire content from a cache. The 304 not modified response now includes more recommended headers. Also add a Date: header to AnswerStream and AnswerPage responses to help with caching.
  5. The Multi HTTPS client TIcsHttpMulti has been updated to a fix a problem that meant large files failed download with only an abort error if too large for TMemoryStream, now downloaded to TFileStream with .part extension and renamed up successful completion.
  6. The previous ICS release added support for the OpenSSL 3.0 release. Now it's been available for three months it has been added to the main distribution, the samples SslInternet directory now has both OpenSSL 1.1.1m and 3.0.1. ICS now supports YuOpenSSL 3.0 and 1.1.1 vrsions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs.
  7. In TIcsFileCopy, the DeleteFiles method now supports a new Zipped property so files are zipped with .zip extension before being deleted, useful for cleaning up old logs to save space (requires VCLZip). The OverbyteIcsXferTst,dpr sample has a new File Clean-Up tab to test the multiple DeleteFiles method, it allow files older than x days or a specific date range to be archived/zipped (to save space) or deleted, ideal for deleting the old log files that many applications (including some ICS samples) leave on systems.
  8. In the FTP client TSslFtpClient, using the PORT command to set Active mode now prevents other FTP clients sharing the same port number and address, usually only a problem with a small port pool (which is not recommended).
  9. Updated the trusted root certificate bundle files, lots of changes from Microsoft since June, Google is now issuing it's own certificates. Updated the build-in sslRootCACertsBundle, few gone, now total 59 certificates commonly used.
  10. ICS should now build with C++ for RAD Studio 10.4 and 11.0, fixed the 11.0 packages and various Windows API related units, including for Win64.

More detailed release notes are at ICS 8.68 Release Notes


Major Changes in ICS V8.67 include:

  1. Added support and packages for RAD Studio 11.0. Updated SSL/TLS root certificate bundles, old certificates gone, new ones added, nothing major.
  2. Added support for OpenSSL 3.0 which is a major new release, primarily a lot of internal changes to ease long term support. There is an optional FIPS module with 3.0 but not available here since our DLLs are not built to the standards required for certification. The old engines for special extensions are replaced by new more versatile providers of which the FIPS module is one, a provider legacy.dll has obsolete ciphers and hash digests, including MD2, MD4, Blowfish, DES, IDEA, RC2, RC4, SEED, that most applications no longer need and which needs to loaded by the application by setting global variable GSSLEAY_LOAD_LEGACY to true before loading OpenSSL.
  3. OpenSSL 3.0 does not offer any specific new features of benefit to ICS at present, although HTTP/3 support is planned for 3.1 or later, so the main ICS distribution retains OpenSSL 1.1.1i which is fully supported until September 2023. OpenSSL 3.0 may be downloaded from the download page.
  4. The main implication for ICS with OpenSSL 3.0 is for SSL/TLS certificate private keys saved with password protection, which is required for PKCS12 certificates for importing into the Windows certificate store. The new PKCS12 default password encryption AES256 is not recognised until Windows Server 2016 v1709 and Windows 10 v1709, so Server 2012, Windows 10 RTM and earlier won't load AES passworded keys, only 3DES, for which the legacy.dll must be loaded.
  5. There are two new classes to write and read SSL/TLS certificates to and from the Windows Certificate Store, including private keys. This is primarily so Let's Encrypt certificates can be installed automatically for use with the IIS web server.
  6. Various improvements for the OverbyteIcsPemTool sample. It includes new buttons to list the contents of Windows certificate and private key stores and allow old items to be deleted. This may be useful for cleaning up old certificates and private keys from the Windows stores.
  7. For the TX509Certs component, the default cipher for encrypting PFX/P12 files is now PrivKeyEncAES256 with 3.0 unless the legacy DLL is loaded when still PrivKeyEncTripleDES so older versions of Windows can load them. Changed extraction of download PEM bundle so that main certificate does not need to be first in file, log them all, and ignore any self signed root certificates.
  8. Fixed two problems in the FTP client, support option ftpFixPasvLanIP for PUT/APPE uploads as well as downloads, and support IPv6 for PUT/APPE uploads as well as downloads.
  9. In the Application Web Server TSslHttpAppSrv, added an optional LastModified parameter to the AnswerStream, AnswerPage, and AnswerString methods to avoid adding a custom header line with the date. Added NO_CACHE_EX and NO_STORE_EX literals. Added PUT and DELETE verb handlers, similar to GET and POST.
  10. For the HTTP client TSslHttpCli, fixed a relocation problem where the Location: header included a path with a space, encode the space. Fixed another relocation problem where HEAD sometimes stalled. Remove # fragment or anchor from URL in relocation, only used by browsers and not by servers.
  11. Added a new SSL sample, OverbyteIcsDDWebService.dpr which is very similar to OverbyteIcsSslMultiWebServ.dpr, but designed as a Windows service, although it will also run as a GUI for debugging. It requires DDService service framework to be installed from https://www.magsys.co.uk/delphi/ddservice.asp. It also includes a REST server with simple lookup responses from a SQL database, which optionally requires DISQLite3 5.36.5 or later to be installed from http://www.yunqa.de. Note this sample in not in the project groups due to these pre-requisites.
  12. Moved TRestParams from the OverbyteIcsSslHttpRest unit to OverbyteIcsUrl to ease circular references. Added a new method AddItemNULL to add a null, in Json this will be unquoted. Added a new TRestParamsSrv component which provides methods for creating REST server Json responses from a SQL database esultset, one or more rows, also error responses. Note this is only compiled if DATABASE is defined in OverbyteIcsDefs.inc to avoid bringing in database units that are not available on all Delphi editions. There is a REST server sample OverbyteIcsDDWebService.dpr that illustrates SQL lookups.
  13. In the proxy component TIcsHttpProxy, don't send an HTTP request header until after HTTP body has been processed in case the body length changes. HTTP Forward Proxy using HTTP works again, broken in V8.65. Using HTTP Forward Proxy, convert absolute URL to path only since some servers can not process an absolute URL and sulk.
  14. In the Jose unit, rewrote the functions converting private keys to and from Json Web Keys with new OpenSSL 3.0 provider functions. Use AnsiStrings and functions when dealing with binary data to avoid possible issues with string conversions and nulls. Json now created with TRestParams.
  15. Added two new sample project groups, OtherDemos64 and SslDemos64 which include Win64 versions of all the main active samples with 64 added to the project name, so they can be regularly built alongside the Win32 versions without changing platforms and overwriting executables.

More detailed release notes are at ICS 8.67 Release Notes

Overbyte Website

There are four options to obtain the source code.

Download from Overbyte web site

ICS-V8 is the main development version and needed for RAD Studio XE4 and later. Older versions are only here for very old compilers and don't have current SSL support.

Latest Stable Version ICS V8.69 - recommended

This is the latest recommended version, which has been tested and used for various published ICS application. It is updated for new releases of RAD Studio and major changes. V8.69 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket. Note these versions include the latest version of the OpenSSL DLLs at the time of release.

Download Platforms
ICS-V8.69 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0, C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0. Includes OpenSSL 3.0.3.
ICS-V8.69 Delphi 11.0 only. Includes OpenSSL 3.0.3.
ICS-V8.69 Delphi 10.4 Sydney only. Includes OpenSSL 3.0.3.
ICS-V8.68 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0, C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0. Includes OpenSSL 3.0.1.
ICS-V8.68 Delphi 11.0 only. Includes OpenSSL 3.0.1.
ICS-V8.68 Delphi 10.4 Sydney only. Includes OpenSSL 3.0.1.
ICS-V8.67 Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0, C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0. Includes OpenSSL 1.1.1i.
ICS-V8.67 Delphi 11.0 only. Includes OpenSSL 1.1.1i.
ICS-V8.67 Delphi 10.4 Sydney only. Includes OpenSSL 1.1.1i.

From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed. The same stable ICS versions listed above should be available from GetIt.

Zipped Daily Snapshots

This is the easiest way to get the latest version. These packages are built from the version control repositories automatically when they change and are refreshed once a day. To use the latest OpenSSL version, download this snapshot. Note the snapshot includes the latest version of the OpenSSL DLLs.

Download Changes log
ICS-V8 Snapshot View

Archives

Download Changes log
ICS-V7 Archive View
ICS-V6 Archive View
ICS-V5 Archive View

Version Control System

Using the version control repository is the best choice if you want to get live access to current development files. Overbyte uses a Subversion server and you need to use a Subversion client such as TortoiseSVN or your favorite browser. The URLs are as follows:

ICS Version SVN URL HTTP URL
ICS-V8 svn://svn.overbyte.be/ics/trunk https://svn.overbyte.be/svn/ics/trunk
ICS-V7 svn://svn.overbyte.be/ics/tags/icsv7 https://svn.overbyte.be/svn/ics/tags/icsv7
ICS-V6 svn://svn.overbyte.be/ics/tags/v6_obsolete https://svn.overbyte.be/svn/ics/tags/v6_obsolete
ICS-V5 svn://svn.overbyte.be/icsv5 https://svn.overbyte.be/svn/icsv5

Use username = ics and password = ics for read access. Write access is only available to TeamICS.

Download OpenSSL Binaries (required for SSL-enabled components)

Please note older versions of the ICS source code had an internal check to only allow loading of the latest OpenSSL it was tested with, so you could not use new DLLs with an old application without recompiling with the latest version of ICS first.

OpenSSL 1.0.2 and later are only supported by ICS v8, v7 is no longer updated for new OpenSSL versions. The 64-bit DLLs are only for use with Delphi applications compiled for the 64-bit platform, the 32-bit DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. Note that ICS V8.24 dated 3rd March 2016 and later included the latest OpenSSL 1.0.2 Win32 files to avoid a separate download. This was a long term support version for which free support ceased at the end of 2019, but paid support from OpenSSL continues for those needing it. ICS V8.65 is the last version to support 1.0.2.

OpenSSL 1.1.0 is obsolete and no longer supported. ICS V8.65 is the last version to support 1.1.0.

OpenSSL 1.1.1 is the latest long term support version and adds support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types. Delphi applications require ICS V8.57 or later. ICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. This version will be supported until September 2023. OpenSSL 1.1.1 only supports Windows Vista and later, not XP.

OpenSSL 3.0 is a major new release, primarily a lot of internal changes to ease long term support. ICS 8.67 is required to support 3.0. There is an optional FIPS module with 3.0 but not available here since our DLLs are not built to standards required for certification. The old engines for special extensions are replaced by new more versatile providers of which the FIPS module is one, a provider legacy.dll contained in the distribution has obsolete ciphers and hash digests that most applications no longer need and which needs to loaded by the application. This version will be supported until September 2026.

Firefox version 63 and Chrome 71 both support TLSv1.3 final RFC8446, note Chrome has settings for older beta versions that must be disabled.

The OpenSSL DLLs and EXE files included in the zips above are digitally code signed 'Magenta Systems Ltd', one of the organisations that maintains ICS. The Magenta Systems Code Signing Trust and Certificate Check component may be used to check the correctly signed DLLs are being used by ICS, with this functionality included in ICS V8.38 and later. Beware that Windows needs recent root certificates to check newly signed code, and may give an error if the root store has not been kept current by Windows Update, particularly on older versions of Windows such as XP, Vista and 7.

Date Download Description Comments
2022-05-06 OpenSSL Binaries Win-64 3.0.3 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-05-06 OpenSSL Binaries Win-32 3.0.3 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-05-06 OpenSSL Binaries Win-64 1.1.1o requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-05-06 OpenSSL Binaries Win-32 1.1.1o requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-03-15 OpenSSL Binaries Win-64 3.0.2 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-03-15 OpenSSL Binaries Win-32 3.0.2 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-03-15 OpenSSL Binaries Win-64 1.1.1n requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2022-03-15 OpenSSL Binaries Win-32 1.1.1n requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2021-12-17 OpenSSL Binaries Win-64 3.0.1 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2021-12-17 OpenSSL Binaries Win-32 3.0.1 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2021-12-17 OpenSSL Binaries Win-64 1.1.1m requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2021-12-17 OpenSSL Binaries Win-32 1.1.1m requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2021-09-07 OpenSSL Binaries Win-64 3.0.0 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2021-09-07 OpenSSL Binaries Win-32 3.0.0 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2020-03-18 OpenSSL Binaries Win-64 1.0.2u requires ICS V8.24 to ICS V8.65 Built with Visual Studio Build Tools 2017 For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2020-03-18 OpenSSL Binaries Win-32 1.0.2u requires ICS V8.24 to ICS V8.65 Built with Visual Studio Build Tools 2017 Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.

Download OpenSSL Binaries (alternative)

OpenSSL website also links to Win32OpenSSL website providing another build of Win32 DLL binaries. Note note that unlike the builds above builds on that site may have dependencies on Visual C++ 2008 Redistributables (to keep dll files smaller) so make sure you include all the required (and correct) redistributable files in your software installation. You probably don't have to care about that if you use binaries above at the cost of slightly larger DLLs. Also note that site does not keep archives of older versions so you may want to watch their page if you prefer their binaries.

Browser Demo Application using HtmlViewer

This is an example internet browser using the HtmlViewer component from GitHub (11.8).

The browser demo is in the ICS nightly zip, in the folder samples\delphi\browserdemo, the project is FrameBrowserIcs.dpr. An executable version of the new demo may also be downloaded from here, built with HtmlViewer 11.8 and ICS V8.69, using Delphi 11.0.

Download
Executable Browser Demo - last update V8.69

The HtmlViewer component must be downloaded and installed before the demo can be built. The demo is based on FrameBrowserIndy project but with various enhancements, specifically display of all HTTP, SSL and some or all HTML traffic which makes it very useful for debugging the THttpCli component. Recent versions of HtmlViewer also include FrameBrowserIcs.dpr but it has been changed substantially from the ICS version and I've been unable to build it.

The Options, Settings window allow the SSL security level to be adjusted to various TLS and cipher variations, which can be useful testing web sites that ICS has difficulty accessing.

The project is a good basic browser for HTML4, but does not support any scripting, so most sites without backward compatibility may appear strange.