Difference between revisions of "ICS Download"

From Overbyte
Jump to navigation Jump to search
 
(113 intermediate revisions by 2 users not shown)
Line 1: Line 1:
ICS is available as source code only. You need Delphi to build the sample programs and create your own application. You will also need OpenSSL libraries if using SSL-enabled components.
+
ICS is available as source code only. You need Delphi to build the sample programs and create your own application.  
  
 
'''ICS versions available:'''
 
'''ICS versions available:'''
  
*'''ICS-V8''' for Delphi 7 / C++ Builder 2006 to Delphi XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio / C++ Builder XE3, 10.2 Tokyo and 10.3 Rio with FireMonkey cross platform support for POSIX/MacOS, also IPv6 support (main development tree, 32 and 64-bit).  
+
*'''ICS-V9''' for Delphi 7 to Delphi 12 / C++ Builder 10.2 to 12,  FireMonkey cross platform support for POSIX/MacOS (long term support release, 32 and 64-bit).  
*'''ICS-V7''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (stable release, no new development, please upgrade to V8).  
+
*'''ICS-V8''' for Delphi 7 to Delphi 11 (stable release, no new development, please upgrade to V9). 
*'''ICS-V6''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V7 if you do not have to support Windows versions < W2K).
+
*'''ICS-V7''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (discontinued and obsolete, please upgrade to V9).  
*'''ICS-V5''' for Delphi / BCB 1 to Delphi / C++ Builder 2007 and Delphi .NET (discontinued, important bug fixes may still be backported from ICS-V7). SSL option requires at least Delphi 7 or C++ Builder 2006.
+
*'''ICS-V6''' for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V9 if you do not have to support Windows versions < W2K).
 +
*'''ICS-V5''' for Delphi / BCB 1 to Delphi / C++ Builder 2007 and Delphi .NET (discontinued and obsolete, please upgrade to V9).
  
 
== ICS News ==
 
== ICS News ==
Major Changes in '''ICS V8.62''' include:
 
  
# The HTTP client has new properties. There is a new THttpAuthType of httpAuthJWT which uses the AuthBearerToken property for Json Web Token authentication. A new ProxyURL property combines four proxy properties as a URL for simplicity, ie http://[user[:password]@]host:port. The new AlpnProtocols property is a request list sent when an SSL connection starts, once connected GetAlpnProtocol returns which protocol the server wants to uses.
+
Changes in '''ICS V9.3''' include:
# Various improvements for automatic X509 SSL certificate ordering to support final ACME RFC8555. AcmeV2 now supports POST-as-GET, GET alone being removed later in 2019. Added Proxy URL support, might be needed for servers behind NAT firewalls for public access. Added support tls-alpn-01 challenge for local web server on 443, but not working yet.
 
# SocketServer now uses a separate local web server for servers not using ports 80 or 443 such as FTP, SMTP, proxies, etc, When ordering X509 SSL certificate using ChallFileSrv challenge.
 
# TWsocket now raises a background exception for user exceptions in the OnDataAvailable event rather than silently ignoring them. If IcsLogger is being used, HandleBackGroundException now logs exceptions and their source to make them easier to find.
 
# In the TSslHttpRest component, TRestParams can add Json parameters as PContJson which means arrays and nested Json can be added. Added a new SslAllowSelfSign property to connect OK to sites with self signed SSL certificates which would normally fail validation.
 
# TSimpleWebSrv now supports SSL, with certificate bundle and host name, and supports the SSL ALPN extension for automatic X509 SSL certificate ordering.
 
# The new TIcsSms component adds support for SMS Works bureau at https://thesmsworks.co.uk/ to send SMS messages, cheaper than Kapow, and allows sender ID to be freely changed.
 
# Updated all .dproj files for all samples to add the ICS source folder to the search path of each project. 
 
# Added Time Zone support for date string conversions, to UTC time with a time zone, and back to local time using a time zone, primarily for SMTP email headers which otherwise show UTC time.
 
# TIcsIpStrmLog using TCP server now uses the root bundle correctly and reports the certificate chain and bindings. Ensure all listeners started for TCP Server, if more than one.
 
  
[[ICS_V8.62 | Detailed ICS 8.62 Release Notes]]
+
#V9.3 continues the simplification of use of ICS components by consolidating many types and constants into the OverbyteIcsTypes unit, avoiding projects needing to find and add specific units before they will build.  For XE2 and later, OverbyteIcsTypes and OverbyteIcsSslBase will be added automatically when components needing them are dropped on a form, or that form accessed for existing projects.  One benefit of this change is removing dependence on several units for many components and applications, it should be possible to remove OverbyteIcsWinsock, OverbyteIcsLIBEAY, OverbyteIcsSSLEAY and OverbyteIcsLogger from most applications, and also other units. See https://wiki.overbyte.eu/wiki/index.php?title=Updating_projects_to_V9.3 for more information.
 +
# Previously, the Windows Certificate Store was supported on Windows for all components and samples, despite it not always being required.  There are three new defines {$DEFINE MSCRYPT_Clients}, {$DEFINE MSCRYPT_Servers} and {$DEFINE MSCRYPT_Tools) that determine which components can use the store, at least one must be set or applications that need the store will fail. Although these new defines all default to enabled in the OverbyteIcsDefs.inc supplied with V9.3 and later, unless this file is installed, Windows Certificate Store will be unavailable.  These defines are disabled for non-Windows platforms and for C++ Builder which has bugs.
 +
#Added new application independent monitoring, comprising a client component and server sample.  The ICS Application Monitor TIcsAppMonCli client component is designed to report to an ICS Application Monitor server, which will ensure the main application remains running.  The ICS Application Monitor server IcsAppMon.exe is designed to monitor ICS applications using the TIcsAppMonCli client component, and ensure they remain running, restarting the application if it stops or becomes non-responsive, or on demand. Primarily to keep ICS server Windows services running non-stop, but may also be used for network wide monitoring of ICS applications. Client and server both use the TIcsIpStrmLog component with a simple TCP protocol.  More information at https://wiki.overbyte.eu/wiki/index.php?title=FAQ_ICS_Application_Monitoring
 +
#The HTTP client components TSslHttpCli and TSslHttpRest have new RespMimeType and RespCharset response properties parsed from the Content-Type header to avoid applications needing to parse this headers.  Fixed a problem in V9.2 where a missing / was added to the start of the request path, but was not needed for absolute paths used for proxies.
 +
#The TIcsIpStrmLog streaming log component has improvements for TCP Server mode when multiple remote clients connect.  Previously the same data was sent to all remote clients (the original concept being remote logging), but now applications can send data to specific remote clients, and more easily check which remote client is receiving data.  This change means TIcsIpStrmLog can be used as the core of many TCP servers with different protocols, such as the new IcsAppMon sample, see above.
 +
#The TSslHttpRest and component has a new way for applications to check SSL certificate chains themselves, ignoring OpenSSL bundle checks, usually for self signed private certificates, maybe checking certificate serials, names or public key. If LogSslVerMethod = logSslVerOwnEvent, a new event OnSslCertVerifyEvent is called so the application can check the chain and change the verify result appropriately.
 +
#Improved the ability to customise SSL ciphers if the ICS defaults need to be changed.  TSslContext and TIcsHosts have three properties, SslCipherList for TLSv12 ciphers, SslCipherList13 for TLSv13 ciphers, and SslCryptoGroups sets the cipher curve groups allowed (like P-256 or X25519).  Beware old SslContexts may include group P-512 which must be corrected to T-521.  SSL handshake responses now show the curve group used for OpenSSL 3.2 and later.  The OverbyteIcsHttpsTst client sample may be used to test the new cipher options, and they will be read from IcsHosts INI files for servers.
 +
#Added a new web server sample OverbyteIcsBasicWebServer1.dpr which is a simplified version of OverbyteIcsSslMultiWebServ ignoring configuration INI files, security features, session data, most demo pages and most logging, and settings for localhost set in code, search for IcsHosts to change IP addresses, etc. This sample should be easier to use as a basis for new web server applications.  The existing samples OverbyteIcsSslMultiWebServ and OverbyteIcsDDWebService have a new index.html template page, and default to localhost 127.0.0.1 with an internal localhost SSL certificate, so should always response to https://localhost/ without any INI file changes.
 +
#Fixed an HTTP web server problem in V9.2 to avoid repeated redirection for virtual default page /, was adding /// etc.
 +
#Updated OpenSSL binary and resource files to releases 3.3.2, 3.2.3 and 3.0.15, only one of which will be linked according to defines.
 +
#Restored the sample OverbyteIcsConHttp.dpr which is a console example, now supports SSL by replacing THttpCli with TSslHttpRest, no longer needs any events or a message loop for a single sync request, so a less code than without SSL. Now contacts https://wiki.overbyte.eu/wiki.
 +
#A lot of changes have been made preparing ICS for Linux.  Corrected loading OpenSSL on Posix, now loads the system supplied OpenSSL 3 DLLs on Ubuntu 22.04.  The Linux package now builds correctly, but beware WSocket is not yet supported on Linux so no protocols will work.  There is a new IcsPemTest FMX sample that works on Ubuntu 22.04 and which will create ICS signed SSL certificates.  Note, MacOS support is disabled pending the new Posix implementation.
  
Major Changes in '''ICS V8.61''' include:
+
Changes in '''ICS V9.2''' include:
  
# Added two new components using the new HTTPS REST component, which are both useful and illustrate how simply they can created, TIcsSms and TDnsQueryHttps, both in the OverbyteIcsSslHttpRest.pas unit with demos in OverbyteIcsHttpRestTst.
+
#V9.2 is a minor release, fixing a few issues introduced in the last major release, and other bugs located since. There are no breaking or installation changes from V9.1, but if updating from earlier releases please read https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1
# The new TIcsSms component sends SMS text messages via an HTTP bureau, you will need an account. Initially supporting https://www.kapow.co.uk/.
+
#TIcsMailQueue can now queue a prepared EML file created by another application, or perhaps received by the SMTP Server.  Added optional SkipEmpty argument to StartMailQu method so queue is not started unless there are pending emails waiting to be sent. The sample has 'Send Prepared EML File' to queue an existing EML file rather then preparing email with properties.
# The new TDnsQueryHttps component makes DNS queries over HTTPS (DOH), to ensure integrity and privacy from interception by ISPs or proxies. The original TDnsQuery component has also been updated to support all the common queries and return them in using a single AnswerRecord array.
+
#Improved email MIME decoding by supporting embedded boundaries, usually for multipart/alternative parts, within a multipart/mixed message, using code written 20 years ago but suppressed for some reason.  Previously these parts were sometimes left encoded within a part. There is a new property LooseRFC to allow decoding if the boundaries in the body are missing the two required hyphens, usually because the boundary also begins with hyphens. TMimeDecodeEx should now always return the body if no MIME parts are found, and TPartInfo has PLevel which is Part Level, and PInfo which is displayable part information for logs.  The MimeDDemo sample has various improvements to test these features.
# Improved HTTP client and server NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified in code.
+
#Fixed a nasty Win64 problem reading EC certificates from the Windows Store, which may have caused server crashes, also reproducible in the PemTool listing the Windows Store. This was due to Win64 bad initialisation of a buffer used for a Crypto API call that failed.
# Various improvements in the HTTPS REST, HTTP client and FTP client.
+
#The HTTP client now check the URL always has / at start of the path, ie add it for test.com?query. In the REST client, added a sanity check for RawParameters to encode any spaces, which can break the HTTP request. After a file download completed, check actual file size against response size. The multipart/form-data MimeBoundary no longer includes extra -- at start that are required preceding boundaries within parts, some web servers may have  been unable to decode our MIME encoding.
# Fixed SSL certificate ValidateCertChain to check certificate start and expiry dates in UTC time instead of local time.
+
#The HTTP server has a new method AnswerRedirect for various redirection responses to a new URL. When accessing the default document in a path without a trailing path delimited /, redirect using 301 to the correct path with delimiter instead of adding it locally and displaying the document which will then incorrectly link to pages in a higher level directory. Using the THttpOption hoAddMissPath redirects if the default document is missing perhaps a template or virtual document. Fixed a bug where authenticated POST/PUT requests always returned a 404 error. Added AnswerBodyTB client response with TBytes binary, similar to AnswerString, tested in the sample by supporting favicon.ico request.  Check if the request HTTP version gets corrupted due to spaces in the URL, which are not allowed. The SslMultiWebServ sample has new web pages to test POST/PUT and template authentication.
# The Browser Demo sample using HtmlViewer now correctly supports authentication methods where a site requires a login, and has an improved log window that no longer slows down display of complex pages.
+
#TSslX509Certs has a new function CertResetDomain to reset a certificate order state to None, if the order process stalls or gets confused due to errors. If AcmeV2StartChallgs fails because there are no pending challenges, reset to order to None so it starts again next time and does not loop.
 +
#ICS not longer tries to load OpenSSL RAND_screen function that may be missing from recent DLLs.
 +
#TIcsHttpMulti fixes a bug introduced in V8.66 that stopped the application setting authentication, rather than adding it to the URL, and a Win64 free stream bug.
 +
#TIcsIpStrmLog correctly counts failed client connection attempts if ping is not used first to check the remote IP address. The sample has a new client Retry Attempts box to test this.
 +
#Updated the Snippets sample to use authentication to access some the hardcoded URLs, which started failing after authentication was added to test web server bugs (see above).
 +
#Added OverbyteIcsHttpThrd sample to show how to use TSslHttpRest component in a multi-threaded program.
 +
#Improved Posix support for Linux and Android, not tested or supported yet.  Beware SSL does not correctly load for Posix at the moment.
 +
#Added support for a new feature release of OpenSSL 3.3 with {$DEFINE OpenSSL_33} in the Defs.inc file, ICS includes  new versions of the active versions, 3.3.1, 3.2.2 and 3.0.14, but no longer includes 3.1 since there are two newer feature versions.
 +
#Updated the 'ICS Intermediate Short' SSL certificates, used by ICS to generate temporary server certificates to allow SSL servers to run until a Let's Encrypt or commercial certificate is installed. It now expires after 200 days, 21st December 2024, after which self signed certificates will be used instead, unless a newer 'short' is installed.
 +
#Only Delphi 10.41  and 10.42 (10.4 with updates 1 or 2) will install correctly with the new install packages, the original RTM version does not support the package LIB suffix: $(Auto) so you must change it manually for each package to 21.0.
  
[[ICS_V8.61 | Detailed ICS 8.61 Release Notes]]
+
Major Changes in '''ICS V9.1''':
  
Major changes in '''ICS V8.60''' include:
+
Although ICS V9.1 does not contain any new components, there are many other SSL/TLS changes that will affect existing applications, but make ICS easier to use and support for the future.
  
# Added several new components and sample applications created by Magenta Systems Ltd over the past 17 years and previously distributed and installed separately to the ICS distribution. Bundling them with ICS makes installation and updating easier, and allows existing ICS samples to make use of many the new components, such as UTF-8 file logging. All the components have new names so existing applications using the originally distributed versions will still work, but it's recommended updating existing applications for the new ICS versions. The added components include IP stream logging, SMTP Mail Queue, Time Server and Client, Whois client, blacklisting of malicious IP addresses, file logging functions, file indexing, copying and deleting, FTP indexing, multiple file uploading and downloading, HTTP page parsing and URL downloading.
+
#Delphi 10.4 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages.  Only C++ 10.4 and later are now supported, but untested.
# In THttpCli, only follow relocation for 3xx response codes, not 201 Created, but keep Location property for 201 which is often response to a POST and may be needed by the application.
+
#The old samples directory has gone and many of the older and little used samples have been archived to a separate download.  The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory: All these samples can now be built for Win32 and Win64 platforms.
# When starting TWSocket Connect, the IP address chosen for DNS lookup is now saved in ASCII as AddrResolvedStr which is useful in connect OK or failed events to see whether an IPV4 or IPv6 address was chosen, and which was used if DNS offered multiple IPs. AddrResolvedStr is exposed as a property in TWSocket, THttpCli, TSslHttpRest and TFFtpClient and reports in failed connection eventsOther clients will be added soon.
+
##demos-delphi-vcl - 45 VCL samples for Windows.
# Various samples have been updated to ease testing of IPv6 and to save the diagnostic window activity to a disk log file, OverbyteIcsHttpsTst, OverbyteIcsHttpRestTst, OverbyteIcsTimeTst, OverbyteIcsX509CertsTst.
+
##demos-delphi-extra - four VCL samples that need third party components to build.
# Added round robin DNS lookup if DNSLookup returns multiple IP addresses, so they are used in turn after a failure when a component is called repeatedly without being freedThis is implemented in THttpCli, TSslHttpRest TFFtpClient and TIcsTimeClient. Other clients will be added soon. There is a new OnSelectDns event to override round robin lookup and make your own choice. By default, the DNS lookup in ICS components ignores IPv6 addresses and always use the first IPv4 address offered, when there is more than one. This is usually implemented in the OnDnsLookupDone event in the application or high level componentSo if that first address does not respond, the application never tries any other addresses. This has become more of a problem when enabling applications for IPv6, by changing SocketFamily from the default sfIPv4, to sfAny, sfAnyIPv4 (prefer IPv4), sfAnyIPv6 (prefer IPV6) or sfIPv6 (only IPv6), when IPv6 addresses may also be returned as well as IPv4Due to routing or firewall issues, IPv4 and IPv6 might not both be available and so connection will fail if that address is chosen first.  Previously it was necessary to restrict SocketFamily so only the working family is attempted. The DNS round robin implementation relies on keeping the last successful connected IP address, so it can be re-used for subsequent connections, but looping through any alternative addresses if the last connection failed, for subsequent connection attempts. Most existing applications use the OnDnsDone event to select the connection IP address so the round robin code is added there. Newer applications making use of TWSocket ComponentOptions wsoAsyncDnsLookup should added code in OnDNSLookupDone and update the DnsResult property which is then used by Connect.
+
##demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
# IcsHosts supports two new TSslSrvSecurity server security levels, sslSrvSecTls12Less and sslSrvSecTls13Only, the former disables TLS1.3 in ICS servers if TLSv1.3 fails (perhaps a bad client implementation) while the second only supports TLSv1.3.
+
##demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
# Up to date C++ packages are included for 10.2 Tokyo and 10.3 Rio. Information on installing ICS for C++ 2007 may be found at: https://en.delphipraxis.net/topic/844-use-ics-with-c-builder-2007/ . Sorry, currently don't believe it's easy to update the ICS source code to avoid the changes needed for C++ 2007.
+
##demos-data - data files for samples, such as web pages.
 +
#To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time agoThe main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase.
 +
#Distribution of the ICS OpenSSL files has changed.  Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code.  There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loadedLikewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading OpenSSL: Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versionsThis happens only once if the files have not already been extracted.  When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
 +
##DLLs linked into application as resource files
 +
##DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
 +
##OpenSSL DCU linked into application using commercial YuOpenSSL
 +
##DLLs loaded from location specified in public variable GSSL_DLL_DIR
 +
##DLLs loaded according to path, may be found anywhere on PC
 +
#A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores.  The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications.Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for allcomponents, without it needing to be loaded again, perhaps repeatedlyWithout new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
 +
#All SSL/TLS servers need a certificate and private key to start, even when testing.  Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate.  Accessing such servers for testing using browsers raised various warnings.ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
 +
#The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes, tested up to 8GB. The ICS web server samples have improved MIME decoding to accept massive uploads.
 +
#Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.
  
[[ICS_V8.60 | Detailed ICS 8.60 Release Notes]]
+
Full release notes are at More detailed release notes are at [[ICS_V9.1 | ICS 9.1 Release Notes]]
  
Changes in '''ICS V8.59''' include:
+
More detailed instructions for updating to V9.1 are at [[Updating_projects_to_V9.1 | pdating projects to V9.1]
  
# Now includes OpenSSL 1.1.1a and 1.0.2q binaries.
 
# Now builds again without USE_SSL define.
 
# Added AUTO_X509_CERTS define to remove a lot of units if automatic SSL/TLS certificate ordering is not required, saves up to 350KB of code in servers.
 
  
Major changes in '''ICS V8.58''' include:
 
  
# Support for OpenSSL 1.1.1 with TLSv1.3, new cryptographic algorithms and ciphers. OpenSSL 1.1.0 and 1.0.2 also supported.
+
Major Changes in '''ICS V9.0''' include:
# A new client TSslHttpRest component with Json support for all compilers and integrating cookie, SSL/TLS, content decoding, content compression and logging. There are many THttpCli improvements.
 
# A new TRestOAuth component for OAuth2 authentication including an integrated local web server.
 
# JOSE (Json Object Signing and Encryption) components supporting JWT, JWS and JWK.
 
# Simplified client SSL/TLS security and protocol settings. Support for SSL ALPN extension.
 
# A new TSslX509Certs component allowing ICS servers to automatically order, download and install SSL/TLS certificates from various suppliers, including free certificates from Let's Encrypt, and commercial certificates for DigiCert, Comodo, Thawte and GeoTrust from CertCentre AG. It also acts as a private CA to issue local certificates.
 
  
[[ICS_V8.58 | Detailed ICS 8.58 Release Notes]]
+
'''New samples'''
  
Major changes in '''ICS V8.50''' include:
+
Samples/Delphi/SslInternet/OverbyteIcsSnippets - Small samples of codes for FTP, HTTP, sockets and email.
  
# Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
+
Samples/Delphi/OtherDemos/OverbyteIcsNetMon - Internet Packet Monitoring Components, display packets and traffic using Npcap and raw sockets.
# Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
 
# Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
 
# ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM.  The server certificate chain can be validated and reported before the server starts.
 
# SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
 
# HTML content code page detection and character set conversion to Delphi unicode strings, including converting entities (like &#9741;).
 
  
[[ICS_V8.50 | Detailed ICS 8.50 Release Notes]]
+
Samples/Delphi/OtherDemos/OverbyteIcsNetTools - Network Tools Demo, uses all the main IP Helper functions, also TTIcsNeighbDevices, TIcsDomainNameCache, IcsDnsQueuy, TDnsQueryHttps, TIcsWhoisCli, TIcsIpChanges, TPing and TPingThread.
 +
 
 +
Samples/Delphi/PlatformDemos/IcsHttpRestTstFmx - FMX HTTPS REST and OAuth, Send SMS and DNS over HTTPS functions demo.
 +
 
 +
Samples/Delphi/PlatformDemos/IcsSslMultiWebServ - FMX Advanced multi host web server demo.
 +
 
 +
Samples/Delphi/SslInternet/OverbyteIcsMQTTst - MQ Telemetry Transport message queuing service.
 +
 
 +
 
 +
'''Major sample updates for new components'''
 +
 
 +
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1 - Uses TSslWebSocketCli for WebSocket Client, New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins. Select client SSL certificate from the Windows Certificate Store.
 +
 
 +
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ.dpr, OverbyteIcsDDWebService - Uses THttpWSSrvConn for WebSocket Server. IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client. WebSocket server support. Uses TIcsDomainNameCache for multiple reverse DNS lookups.
 +
 
 +
Samples/Delphi/SslInternet/OverbyteIcsPemTool - Can now export an SSL certificate from the Windows Certificate Store with its private key.
 +
 
 +
Samples/delphi/OtherDemos/OverbyteIcsBatchDnsLookup - Uses TIcsDomainNameCache for multiple lookups.
 +
 
 +
Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd, OverbyteIcsSslMailRcv, OverbyteIcsMailQuTst - New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins.
 +
 
 +
Samples/delphi/OtherDemos/OverbyteIcsNsLookup - Uses single or multiple DNS servers, including built-in list of public servers, also sync requests.
 +
 
 +
 
 +
'''New Components'''
 +
 
 +
TIcsDomainNameCache and TIcsDomNameCacheHttps - cache forward and reverse DNS lookup requests, using several methods.
 +
 
 +
TIcsMonSocket - Internet monitoring using raw sockets.
 +
 
 +
TIcsMonPcap - Internet monitoring using Npcap NDIS driver.
 +
 
 +
TIcsIpChanges - Monitors IP address changes dynamically.
 +
 
 +
TIcsNeighbDevices - Builds historic LAN MAC device and IPv4 and IPv6 address table using ARP, neighbourhood and IP range scanning with reverse host lookup.
 +
 
 +
TOAuthBrowser - OAuth authentication browser window VCL/FMX form.
 +
 
 +
TSslWebSocketCli - WebSocket client protocol.
 +
 
 +
TIcsMQTTServer and TIcsMQTTClient - MQ Telemetry Transport message queuing service, client and server.
 +
 
 +
 
 +
'''Major Component Upgrades'''
 +
 
 +
TDnsQuery - Add synchronous methods and more response properties. Check multiple DNS server hosts including public DNS lists.
 +
 
 +
TSslWSocketServer - IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client.
 +
 
 +
TIcsFtpMulti - Send NOOP command periodically during multi hour transfers so connections are not closed accidentally.
 +
 
 +
 
 +
'''New classes and Functions'''
 +
 
 +
THttpWSSrvConn - WebSocket server protocol.
 +
 
 +
Internet Helper Functions - Unit OverbyteIcsIpHlpApi.pas includes IpHlpConnsTable, IpHlpAdaptersInfo, IpHlpAdaptersAddr, IpHlpIpAddrTable, IpHlpIpNeighbTable, IpHlpIPForwardTable, IpHlpIpPathTable, IpHlpGetDnsServers, IpHlpIfTable2,
 +
 
 +
IpHlpIPStatistics, IpHlpUDPStatistics and many other functions.
 +
 
 +
TIcsMonFilterClass - Filter network traffic on protocols or IP addresses.
 +
 
 +
TIcsTrafficClass - Maintains network traffic statistics by protocols and IP addresses.
 +
 
 +
 
 +
More detailed release notes are at [[ICS_V9.0 | ICS 9.0 Release Notes]]
  
 
== Overbyte Website ==
 
== Overbyte Website ==
Line 80: Line 153:
 
There are four options to obtain the source code.
 
There are four options to obtain the source code.
  
[http://www.overbyte.eu/eng/products/ics.html '''Download from Overbyte web site''']
+
[https://www.overbyte.eu/eng/products/ics.html '''Download from Overbyte web site''']
  
ICS-V8 is the main development version and needed for RAD Studio XE4 and later.
+
ICS-V9 is the long term development version and needed for RAD Studio XE4 and later, it supports Delphi 7 and later.
Older versions are only here for very old compilers and don't have current SSL support.
 
  
== Latest Stable Version ICS V8.62 - recommended ==
+
== Latest Stable Version ICS V9.3 - recommended ==
  
This is the latest recommended version, which has been tested and used for various published ICS application.  It is updated for new releases of RAD Studio and major changes. V8.61 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket.  Note these versions include the latest version of the OpenSSL DLLs at the time of release.   
+
This is the latest recommended version, which has been tested and used for various published ICS application.  It is updated for new releases of RAD Studio and major changes. V9.2 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket.  Note these versions include the latest version of the OpenSSL DLLs at the time of release.   
  
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
Line 93: Line 165:
 
! Download !! Platforms
 
! Download !! Platforms
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv862.zip ICS-V8.62] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1c.
+
| [https://{{SERVERNAME}}/arch/icsv93.zip ICS-V9.3] || Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 10.4, 11 and 12. Includes OpenSSL 3.3.2, 3.2.3 and 3.0.15.
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv862-D103.zip ICS-V8.62] || Delphi 10.3 Rio only. Includes OpenSSL 1.1.1c.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv862-D102.zip ICS-V8.62] || Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1c.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv862-D101.zip ICS-V8.62] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1c.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv861.zip ICS-V8.61] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1b.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv860.zip ICS-V8.60] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. Includes OpenSSL 1.1.1b.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv859.zip ICS-V8.59] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1a.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv858.zip ICS-V8.58] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.1.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv858-D103.zip ICS-V8.58] || Delphi 10.3 Rio only. Includes OpenSSL 1.1.1.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv858-D102.zip ICS-V8.58] || Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.1.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv858-D101.zip ICS-V8.58] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.1.
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/icsv853.zip ICS-V8.53] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin and 10.2 Tokyo, C++ Builder 2006 to XE3 and 10.2 Tokyo. Includes OpenSSL 1.1.0h.  
 
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv850.zip ICS-V8.50] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin and 10.2 Tokyo, C++ Builder 2006 to XE3. Includes OpenSSL 1.1.0f.  
+
| [https://{{SERVERNAME}}/arch/icsv93-new.zip ICS-V9.3] || Delphi 10.4, 11 and 12 only. Includes OpenSSL 3.3.2, 3.2.3 and 3.0.15.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv850-D102.zip ICS-V8.50] || Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.0f.
+
| [https://{{SERVERNAME}}/arch/icsv92.zip ICS-V9.2] || Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 10.4, 11 and 12. Includes OpenSSL 3.0.14. 3.2.2 and 3.3.1.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv850-D101.zip ICS-V8.50] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.0f.
+
| [https://{{SERVERNAME}}/arch/icsv92-new.zip ICS-V9.2] || Delphi 10.4, 11 and 12 only. Includes OpenSSL 3.0.14. 3.2.2 and 3.3.1.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv844.zip ICS-V8.44] || Delphi 7 to XE8, 10 Seattle, 10.1 Berlin and 10.2 Tokyo, C++ Builder 2006 to XE3. Includes OpenSSL 1.1.0e.  
+
| [https://{{SERVERNAME}}/arch/icsv91.zip ICS-V9.1] || Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 10.4, 11 and 12. Includes OpenSSL 3.0.13. 3.1.5 and 3.2.1.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv844-D102.zip ICS-V8.44] || Delphi 10.2 Tokyo only. Includes OpenSSL 1.1.0e.
+
| [https://{{SERVERNAME}}/arch/icsv91-new.zip ICS-V9.1] || Delphi 10.4, 11 and 12 only. Includes OpenSSL 3.0.13. 3.1.5 and 3.2.1.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv844-D101.zip ICS-V8.44] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.0e.
+
| [https://{{SERVERNAME}}/arch/icsv90.zip ICS-V9.0] || Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 2006 to XE3, 10.2, 10.3, 10.4, 11 and 12. Includes OpenSSL 3.1.2.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv844-D10S.zip ICS-V8.44] || Delphi 10 Seattle only. Includes OpenSSL 1.1.0e.
+
| [https://{{SERVERNAME}}/arch/icsv90-D12.zip ICS-V9.0] || Delphi 12 only. Includes OpenSSL 3.1.2.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv834.zip ICS-V8.34] || Delphi 7 to XE8, 10 Seattle and 10.1 Berlin, C++ Builder 2006 to XE3. Includes OpenSSL 1.1.0b.  
+
| [https://{{SERVERNAME}}/arch/icsv90-D11.zip ICS-V9.0] || Delphi 11 only. Includes OpenSSL 3.1.2.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv834-D101.zip ICS-V8.34] || Delphi 10.1 Berlin only. Includes OpenSSL 1.1.0b.
+
| [https://{{SERVERNAME}}/arch/icsv90-D104.zip ICS-V9.0] || Delphi 10.4 only. Includes OpenSSL 3.1.2.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv834-D10S.zip ICS-V8.34] || Delphi 10 Seattle only. Includes OpenSSL 1.1.0b.
+
| [https://{{SERVERNAME}}/arch/icsv870.zip ICS-V8.70] || Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4 and 11, C++ Builder 2006 to XE3, 10.2, 10.3, 10.4 and 11. Includes OpenSSL 3.0.7.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv826.zip ICS-V8.26] || Delphi 7 to XE8, 10 Seattle and 10.1 berlin, C++ Builder 2006 to XE3. Earliest version to support OpenSSL 1.0.2g and later.  
+
| [https://{{SERVERNAME}}/arch/icsv870-D110.zip ICS-V8.70] || Delphi 11 only. Includes OpenSSL 3.0.7.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv823.zip ICS-V8.23] || Delphi 7 to XE8 and 10 Seattle, C++ Builder 2006 to XE3
+
| [https://{{SERVERNAME}}/arch/icsv870-D104.zip ICS-V8.70] || Delphi 10.4 only. Includes OpenSSL 3.0.7.
 
|}
 
|}
  
From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed.  The same stable ICS versions listed above should be available from GetIt.  Beware GetIt install each new version in a new directory.  GetIt currently installs V8.58.
+
From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed.  The same stable ICS versions listed above should be available from GetIt.
  
 
== Zipped Daily Snapshots ==
 
== Zipped Daily Snapshots ==
Line 152: Line 202:
 
! Download !! Changes log
 
! Download !! Changes log
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv8w.zip ICS-V8 Snapshot] || [http://{{SERVERNAME}}/arch/change-log-icsv8.xml View]
+
| [https://{{SERVERNAME}}/arch/icsv9w.zip ICS-V9 Snapshot] || [http://{{SERVERNAME}}/arch/change-log-icsv9.xml View]
 
|}
 
|}
  
Line 162: Line 212:
  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv7w.zip ICS-V7 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv7.xml View]
+
| [https://{{SERVERNAME}}/arch/arch-samples-V9.1.zip ICS-V9.1 Archived Samples] ||
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv6w.zip ICS-V6 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv6.xml View]
+
| [https://{{SERVERNAME}}/arch/icsv8w.zip ICS-V8 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv8.xml View]
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| [http://{{SERVERNAME}}/arch/icsv5w.zip ICS-V5 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv5.xml View]
+
| [https://{{SERVERNAME}}/arch/icsv7w.zip ICS-V7 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv7.xml View]
 +
|- style="background:#fff;"
 +
| [https://{{SERVERNAME}}/arch/icsv6w.zip ICS-V6 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv6.xml View]
 +
|- style="background:#fff;"
 +
| [https://{{SERVERNAME}}/arch/icsv5w.zip ICS-V5 Archive] || [http://{{SERVERNAME}}/arch/change-log-icsv5.xml View]
 
|}
 
|}
  
Line 177: Line 231:
 
! ICS Version !! SVN URL !! HTTP URL
 
! ICS Version !! SVN URL !! HTTP URL
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| ICS-V8 || svn://svn.overbyte.be/ics/trunk || http://svn.overbyte.be:8443/svn/ics/trunk
+
| ICS-V9 || svn://svn.overbyte.be/icsv9 || https://svn.overbyte.be/svn/icsv9
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| ICS-V7 || svn://svn.overbyte.be/ics/tags/icsv7 || http://svn.overbyte.be:8443/svn/ics/tags/icsv7
+
| ICS-V8 || svn://svn.overbyte.be/ics/trunk || https://svn.overbyte.be/svn/ics/trunk
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| ICS-V6 || svn://svn.overbyte.be/ics/tags/v6_obsolete || http://svn.overbyte.be:8443/svn/ics/tags/v6_obsolete
+
| ICS-V7 || svn://svn.overbyte.be/ics/tags/icsv7 || https://svn.overbyte.be/svn/ics/tags/icsv7
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| ICS-V5 || svn://svn.overbyte.be/icsv5 || http://svn.overbyte.be:8443/svn/icsv5
+
| ICS-V6 || svn://svn.overbyte.be/ics/tags/v6_obsolete || https://svn.overbyte.be/svn/ics/tags/v6_obsolete
 +
|- style="background:#fff;"
 +
| ICS-V5 || svn://svn.overbyte.be/icsv5 || https://svn.overbyte.be/svn/icsv5
 
|}
 
|}
  
 
Use username = '''ics''' and password = '''ics''' for read access. Write access is only available to TeamICS.
 
Use username = '''ics''' and password = '''ics''' for read access. Write access is only available to TeamICS.
  
== Download OpenSSL Binaries (required for SSL-enabled components) ==
+
== Download OpenSSL Binaries==
 +
 
 +
The OpenSSL binaries are required for all ICS SSL-enabled components.
 +
 
 +
The 64-bit DLLs are only for use with Delphi applications compiled for the 64-bit platform, the 32-bit DLLs work on both 32-bit and 64-bit Windows with 32-bit applications.
 +
 
 +
Please note older versions of the ICS source code had an internal check to only allow loading of the latest OpenSSL it was tested with, so you could not use new DLLs with an old application without recompiling with the latest version of ICS first.
 +
 
 +
OpenSSL 1.0.2 and later were only supported by ICS v8, v7 is no longer updated for new OpenSSL versions.  This was a long term support version for which free support ceased at the end of 2019 unless you have an OpenSSL Premium Level Support contract for $50,000/year. ICS V8.65 was the last version to support 1.0.2.
 +
 
 +
OpenSSL 1.1.0 is obsolete and no longer supported. ICS V8.65 is the last version to support 1.1.0. 
 +
 
 +
OpenSSL 1.1.1 was a long term support version and added support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types.  Delphi applications require ICS V8.57 or later.  ICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. Support ceased in September 2023 unless you have an OpenSSL Premium Level Support contract for $50,000/year. OpenSSL 1.1.1 only supports Windows Vista and later, not XP. ICS V9.0 was the last version to support 1.1.1. 
  
Please note older versions of the ICS source code had an internal check to only allow loading of the latest OpenSSL it was tested with, so you could not use new DLLs with an old application without recompiling with the latest version of ICS first. But ICS V8.16 on 25th March 2015 relaxed this check so that minor versions with a letter suffix that don't add new features or break anything (in theory) are now supported.  This worked for about a year, but OpenSSL 1.0.2g and 1.0.1s, and later, no longer support SSLv2 which means old versions of ICS can no longer load them, so V8.24 dated 3rd March 2016 or later is now needed for these current and newer OpenSSL releases.  ICS V8.24 and later will currently support up to 1.0.2z, and V8.33 and later up to 1.1.0z.  Also note ICS V8 no longer supports 1.0.1 and earlier. 
+
OpenSSL 3.0 is a major new release, primarily a lot of internal changes to ease long term support. ICS 8.67 is required to support 3.0. There is an optional FIPS module with 3.0 but not available here since our DLLs are not built to standards required for certification. The old engines for special extensions are replaced by new more versatile providers of which the FIPS module is one, a provider legacy.dll contained in the distribution has obsolete ciphers and hash digests that most applications no longer need and which needs to loaded by the application. This version will be supported until September 2026.
  
OpenSSL removed support for the obsolete SSLv2 protocol in 2016 from 1.0.1s and 1.0.2g and ICS V8.35 finally removed SSLv2 support even with older OpenSSL releases.
+
OpenSSL 3.1 is a minor new release, primarily FIPS improvements. ICS 8.67 is required to support 3.1. This version will be supported until March 2025. ICS is no longer updating these DLLs.  
  
OpenSSL 1.0.2 and later are only supported by ICS v8, v7 is no longer updated for new OpenSSL versions. The 64-bit DLLs are only for use with Delphi applications compiled for the 64-bit platform, the 32-bit DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. Note that ICS V8.24 dated 3rd March 2016 and later included the latest OpenSSL 1.0.2 Win32 files to avoid a separate download. This was a long term support version for which support ceases at the end of 2019.
+
OpenSSL 3.2 is a minor new release with QUIC client support for HTTP/3 and many other improvements. ICS 8.67 is required to support 3.2. This version will be supported until November 2025.  
  
OpenSSL 1.1.0 is a major new version with new DLL file names and many different exports, and requires ICS V8.33 dated 29th August 2016, or later. Generally, applications need not be changed, but there are several new SSL features in V8.33 that should be studied. Beware the OpenSSL 1.1.0 and later DLLs may not be used with any existing SSL applications until they have been specifically updated to support all the changes. ICS V8.33 to V8.56 include the Win32 and Win64 OpenSSL 1.1.0 files. Support ceases for 1.1.0 in September 2019.  
+
OpenSSL 3.3 is a minor new release, minor QUIC and other features. ICS 8.67 is required to support 3.3. This version will be supported until April 2026.
  
OpenSSL 1.1.1 is the latest long term support version and adds support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types. Delphi applications require ICS V8.57 or laterICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. This version will be supported until 2023. OpenSSL 1.1.1 only supports Windows Vista and later, not XP.  
+
OpenSSL 3.4 is a minor new release, minor newr features. ICS 8.67 is required to support 3.4. There is a bug fix in ICS 9.4.  This version will be supported until October 2026.  
  
The next major version of OpenSSL will be 3.0.0 due for release in 2020, with a FIPS module. No major ICS changes will be needed to support 3.0.0. 
+
Please note that ICS does not use any of the new features in OpenSSL 3.2 or later at present, so continuing to use the latest patch version of 3.0 with security fixes is generally fine.
  
Firefox version 63 and Chrome 71 both support TLSv1.3 final RFC8446, note Chrome has settings for older beta versions that must be disabled.
+
The OpenSSL DLLs and EXE files included in the zips above are digitally code signed 'Magenta Systems Ltd', one of the organisations that maintains ICS. The Magenta Systems Code Signing Trust and Certificate Check component may be used to check the correctly signed DLLs are being used by ICS, with this functionality included in  ICS V8.38 and later.  Beware that Windows needs recent root certificates to check newly signed code, and may give an error if the root store has not been kept current by Windows Update, particularly on older versions of Windows such as XP, Vista and 7.
  
The OpenSSL DLLs and EXE files included in the latest zips below are digitally code signed 'Open Source Developer, François PIETTE', the lead developer for ICS.  ICS V8.38 and later check the DLLs are correctly signed when opening them.  Beware that Windows needs recent root certificates to check newly signed code, and may give an error if the root store has not been kept current by Windows Update, particularly on older versions of Windows such as XP, Vista and 7.   
 
 
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
 
|-
 
|-
 
! Date !! Download !! Description !! Comments
 
! Date !! Download !! Description !! Comments
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.1d-win64.zip OpenSSL Binaries Win-64 1.1.1d requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2024-10-25 || [https://{{SERVERNAME}}/arch/openssl-3.4.0-win64.zip OpenSSL Binaries Win-64 3.4.0 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.1d-win32.zip OpenSSL Binaries Win-32 1.1.1d requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2024-10-25|| [https://{{SERVERNAME}}/arch/openssl-3.4.0-win32.zip OpenSSL Binaries Win-32 3.4.0 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 ||  
 +
Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.0l-win64.zip OpenSSL Binaries Win-64 v1.1.0l requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2024-09-05 || [https://{{SERVERNAME}}/arch/openssl-3.3.2-win64.zip OpenSSL Binaries Win-64 3.3.2 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.1.0l-win32.zip OpenSSL Binaries Win-32 v1.1.0l requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2024-09-05|| [https://{{SERVERNAME}}/arch/openssl-3.3.2-win32.zip OpenSSL Binaries Win-32 3.3.2 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 ||  
 +
Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.0.2t-win64.zip OpenSSL Binaries Win-64 v1.0.2t, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2024-09-05 || [https://{{SERVERNAME}}/arch/openssl-3.2.3-win64.zip OpenSSL Binaries Win-64 3.2.3 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-09-12 || [http://{{SERVERNAME}}/arch/openssl-1.0.2t-win32.zip OpenSSL Binaries Win-32 v1.0.2t, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2024-09-05 || [https://{{SERVERNAME}}/arch/openssl-3.2.3-win32.zip OpenSSL Binaries Win-32 3.2.3 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 ||  
 +
Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.1c-win64.zip OpenSSL Binaries Win-64 1.1.1c requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2024-09-05 || [https://{{SERVERNAME}}/arch/openssl-3.0.15-win64.zip OpenSSL Binaries Win-64 3.0.15 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.1c-win32.zip OpenSSL Binaries Win-32 1.1.1c requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2024-09-05 || [https://{{SERVERNAME}}/arch/openssl-3.0.15-win32.zip OpenSSL Binaries Win-32 3.0.15 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.0k-win64.zip OpenSSL Binaries Win-64 v1.1.0k requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2024-06-06 || [https://{{SERVERNAME}}/arch/openssl-3.3.1-win64.zip OpenSSL Binaries Win-64 3.3.1 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.1.0k-win32.zip OpenSSL Binaries Win-32 v1.1.0k requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2024-06-06|| [https://{{SERVERNAME}}/arch/openssl-3.3.1-win32.zip OpenSSL Binaries Win-32 3.3.1 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 ||  
 +
Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.0.2s-win64.zip OpenSSL Binaries Win-64 v1.0.2s, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2024-06-06 || [https://{{SERVERNAME}}/arch/openssl-3.2.2-win64.zip OpenSSL Binaries Win-64 3.2.2 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-05-28 || [http://{{SERVERNAME}}/arch/openssl-1.0.2s-win32.zip OpenSSL Binaries Win-32 v1.0.2s, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2024-06-06 || [https://{{SERVERNAME}}/arch/openssl-3.2.2-win32.zip OpenSSL Binaries Win-32 3.2.2 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 ||  
 +
Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.1.1b-win64.zip OpenSSL Binaries Win-64 1.1.1b requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2024-06-06 || [https://{{SERVERNAME}}/arch/openssl-3.0.14-win64.zip OpenSSL Binaries Win-64 3.0.14 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.1.1b-win32.zip OpenSSL Binaries Win-32 1.1.1b requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2024-06-06 || [https://{{SERVERNAME}}/arch/openssl-3.0.14-win32.zip OpenSSL Binaries Win-32 3.0.14 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.0.2r-win64.zip OpenSSL Binaries Win-64 v1.0.2r, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2024-02-05 || [https://{{SERVERNAME}}/arch/openssl-3.1.5-win64.zip OpenSSL Binaries Win-64 3.1.5 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2019-02-27 || [http://{{SERVERNAME}}/arch/openssl-1.0.2r-win32.zip OpenSSL Binaries Win-32 v1.0.2r, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2024-02-05 || [https://{{SERVERNAME}}/arch/openssl-3.1.5-win32.zip OpenSSL Binaries Win-32 3.1.5 requires ICS V8.67 or later] || Built with Visual Studio Build Tools 2017 ||  
 +
Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.1a-win64.zip OpenSSL Binaries Win-64 1.1.1a requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2023-09-21 || [https://{{SERVERNAME}}/arch/openssl-1.1.1w-win64.zip OpenSSL Binaries Win-64 1.1.1w requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.1a-win32.zip OpenSSL Binaries Win-32 1.1.1a requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
+
| 2023-09-21 || [https://{{SERVERNAME}}/arch/openssl-1.1.1w-win32.zip OpenSSL Binaries Win-32 1.1.1w requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.0j-win64.zip OpenSSL Binaries Win-64 v1.1.0j requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.  
+
| 2020-03-18 || [https://{{SERVERNAME}}/arch/openssl-1.0.2u-win64.zip OpenSSL Binaries Win-64 1.0.2u requires ICS V8.24 to ICS V8.65] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.  
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.1.0j-win32.zip OpenSSL Binaries Win-32 v1.1.0j requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed.
+
| 2020-03-18 || [https://{{SERVERNAME}}/arch/openssl-1.0.2u-win32.zip OpenSSL Binaries Win-32 1.0.2u requires ICS V8.24 to ICS V8.65] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 
|- style="background:#fff;"
 
|- style="background:#fff;"
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.0.2q-win64.zip OpenSSL Binaries Win-64 v1.0.2q, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
 
|- style="background:#fff;"
 
| 2018-11-20 || [http://{{SERVERNAME}}/arch/openssl-1.0.2q-win32.zip OpenSSL Binaries Win-32 v1.0.2q, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed. 
 
|- style="background:#fff;"
 
| 2018-09-11 || [http://{{SERVERNAME}}/arch/openssl-1.1.1-win64.zip OpenSSL Binaries Win-64 1.1.1 requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 
|- style="background:#fff;"
 
| 2018-09-11 || [http://{{SERVERNAME}}/arch/openssl-1.1.1-win32.zip OpenSSL Binaries Win-32 1.1.1 requires ICS V8.57 or later] || Built with Visual Studio Build Tools 2017 || Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
 
|- style="background:#fff;"
 
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.1.0i-win64.zip OpenSSL Binaries Win-64 v1.1.0i requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || For 64-bit applications only (XE2+). Digitally code signed.
 
|- style="background:#fff;"
 
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.1.0i-win32.zip OpenSSL Binaries Win-32 v1.1.0i requires ICS V8.32 or later] || Built with Visual Studio Build Tools 2017 || Use with 32-bit applications on Windows 64-bit. Digitally code signed. 
 
|- style="background:#fff;"
 
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.0.2p-win64.zip OpenSSL Binaries Win-64 v1.0.2p, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". For 64-bit applications only (XE2+). Digitally code signed.
 
|- style="background:#fff;"
 
| 2018-08-14 || [http://{{SERVERNAME}}/arch/openssl-1.0.2p-win32.zip OpenSSL Binaries Win-32 v1.0.2p, requires ICS V8.24 or later] || Built with Visual Studio Build Tools 2017 || Built with default OpenSSL options, replaced "/MD" by "/MT". Use with 32-bit applications on Windows 64-bit. Digitally code signed. 
 
 
|}
 
|}
  
Line 270: Line 327:
  
 
OpenSSL website also [http://www.openssl.org/related/binaries.html links] to [http://www.slproweb.com/products/Win32OpenSSL.html Win32OpenSSL website] providing another build of Win32 DLL binaries. Note note that unlike the builds above builds on that site may have dependencies on Visual C++ 2008 Redistributables (to keep dll files smaller) so make sure you include all the required (and correct) redistributable files in your software installation. You probably don't have to care about that if you use binaries above at the cost of slightly larger DLLs. Also note that site does not keep archives of older versions so you may want to watch their page if you prefer their binaries.
 
OpenSSL website also [http://www.openssl.org/related/binaries.html links] to [http://www.slproweb.com/products/Win32OpenSSL.html Win32OpenSSL website] providing another build of Win32 DLL binaries. Note note that unlike the builds above builds on that site may have dependencies on Visual C++ 2008 Redistributables (to keep dll files smaller) so make sure you include all the required (and correct) redistributable files in your software installation. You probably don't have to care about that if you use binaries above at the cost of slightly larger DLLs. Also note that site does not keep archives of older versions so you may want to watch their page if you prefer their binaries.
 
== Browser Demo Application using HtmlViewer ==
 
 
This is an example internet browser using the HtmlViewer component from [https://github.com/BerndGabriel/HtmlViewer GitHub (11.8)].
 
 
The browser demo is in the ICS nightly zip, in the folder samples\delphi\browserdemo, the project is FrameBrowserIcs.dpr. An  executable version of the new demo may also be downloaded from here, built with HtmlViewer 11.8 and ICS V8.59, using Delphi 10.2 Tokyo.  Beware HtmlViewer 11.8 only appears to support up to Delphi 10 Seattle, I took paackages and files from master to build in 10.2 Tokyo.
 
 
{| border="1" cellpadding="4" style="background:#eee;border:1px solid #ccc;text-align:left;border-collapse:collapse;"
 
|-
 
! Download
 
|- style="background:#fff;"
 
| [http://{{SERVERNAME}}/arch/FrameBrowserIcs.zip Executable Browser Demo - last update V8.61]
 
|}
 
 
The HtmlViewer component must be downloaded and installed before the demo can be built.  The demo is based on FrameBrowserIndy project but with various enhancements, specifically display of all HTTP, SSL and some or all HTML traffic which makes it very useful for debugging the THttpCli component.
 
 
The Options, Settings window allow the SSL security level to be adjusted to various TLS and cipher variations, which can be useful testing web sites that ICS has difficulty accessing. 
 
 
The project is a good basic browser for HTML4, but does not support any scripting, so some sites without backward compatibility may appear strange.
 

Latest revision as of 11:24, 26 October 2024

ICS is available as source code only. You need Delphi to build the sample programs and create your own application.

ICS versions available:

  • ICS-V9 for Delphi 7 to Delphi 12 / C++ Builder 10.2 to 12, FireMonkey cross platform support for POSIX/MacOS (long term support release, 32 and 64-bit).
  • ICS-V8 for Delphi 7 to Delphi 11 (stable release, no new development, please upgrade to V9).
  • ICS-V7 for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder XE3 (discontinued and obsolete, please upgrade to V9).
  • ICS-V6 for Delphi 7 / C++ Builder 2006 to Delphi / C++ Builder 2007 (discontinued and obsolete, please upgrade to V9 if you do not have to support Windows versions < W2K).
  • ICS-V5 for Delphi / BCB 1 to Delphi / C++ Builder 2007 and Delphi .NET (discontinued and obsolete, please upgrade to V9).

ICS News

Changes in ICS V9.3 include:

  1. V9.3 continues the simplification of use of ICS components by consolidating many types and constants into the OverbyteIcsTypes unit, avoiding projects needing to find and add specific units before they will build. For XE2 and later, OverbyteIcsTypes and OverbyteIcsSslBase will be added automatically when components needing them are dropped on a form, or that form accessed for existing projects. One benefit of this change is removing dependence on several units for many components and applications, it should be possible to remove OverbyteIcsWinsock, OverbyteIcsLIBEAY, OverbyteIcsSSLEAY and OverbyteIcsLogger from most applications, and also other units. See https://wiki.overbyte.eu/wiki/index.php?title=Updating_projects_to_V9.3 for more information.
  2. Previously, the Windows Certificate Store was supported on Windows for all components and samples, despite it not always being required. There are three new defines {$DEFINE MSCRYPT_Clients}, {$DEFINE MSCRYPT_Servers} and {$DEFINE MSCRYPT_Tools) that determine which components can use the store, at least one must be set or applications that need the store will fail. Although these new defines all default to enabled in the OverbyteIcsDefs.inc supplied with V9.3 and later, unless this file is installed, Windows Certificate Store will be unavailable. These defines are disabled for non-Windows platforms and for C++ Builder which has bugs.
  3. Added new application independent monitoring, comprising a client component and server sample. The ICS Application Monitor TIcsAppMonCli client component is designed to report to an ICS Application Monitor server, which will ensure the main application remains running. The ICS Application Monitor server IcsAppMon.exe is designed to monitor ICS applications using the TIcsAppMonCli client component, and ensure they remain running, restarting the application if it stops or becomes non-responsive, or on demand. Primarily to keep ICS server Windows services running non-stop, but may also be used for network wide monitoring of ICS applications. Client and server both use the TIcsIpStrmLog component with a simple TCP protocol. More information at https://wiki.overbyte.eu/wiki/index.php?title=FAQ_ICS_Application_Monitoring
  4. The HTTP client components TSslHttpCli and TSslHttpRest have new RespMimeType and RespCharset response properties parsed from the Content-Type header to avoid applications needing to parse this headers. Fixed a problem in V9.2 where a missing / was added to the start of the request path, but was not needed for absolute paths used for proxies.
  5. The TIcsIpStrmLog streaming log component has improvements for TCP Server mode when multiple remote clients connect. Previously the same data was sent to all remote clients (the original concept being remote logging), but now applications can send data to specific remote clients, and more easily check which remote client is receiving data. This change means TIcsIpStrmLog can be used as the core of many TCP servers with different protocols, such as the new IcsAppMon sample, see above.
  6. The TSslHttpRest and component has a new way for applications to check SSL certificate chains themselves, ignoring OpenSSL bundle checks, usually for self signed private certificates, maybe checking certificate serials, names or public key. If LogSslVerMethod = logSslVerOwnEvent, a new event OnSslCertVerifyEvent is called so the application can check the chain and change the verify result appropriately.
  7. Improved the ability to customise SSL ciphers if the ICS defaults need to be changed. TSslContext and TIcsHosts have three properties, SslCipherList for TLSv12 ciphers, SslCipherList13 for TLSv13 ciphers, and SslCryptoGroups sets the cipher curve groups allowed (like P-256 or X25519). Beware old SslContexts may include group P-512 which must be corrected to T-521. SSL handshake responses now show the curve group used for OpenSSL 3.2 and later. The OverbyteIcsHttpsTst client sample may be used to test the new cipher options, and they will be read from IcsHosts INI files for servers.
  8. Added a new web server sample OverbyteIcsBasicWebServer1.dpr which is a simplified version of OverbyteIcsSslMultiWebServ ignoring configuration INI files, security features, session data, most demo pages and most logging, and settings for localhost set in code, search for IcsHosts to change IP addresses, etc. This sample should be easier to use as a basis for new web server applications. The existing samples OverbyteIcsSslMultiWebServ and OverbyteIcsDDWebService have a new index.html template page, and default to localhost 127.0.0.1 with an internal localhost SSL certificate, so should always response to https://localhost/ without any INI file changes.
  9. Fixed an HTTP web server problem in V9.2 to avoid repeated redirection for virtual default page /, was adding /// etc.
  10. Updated OpenSSL binary and resource files to releases 3.3.2, 3.2.3 and 3.0.15, only one of which will be linked according to defines.
  11. Restored the sample OverbyteIcsConHttp.dpr which is a console example, now supports SSL by replacing THttpCli with TSslHttpRest, no longer needs any events or a message loop for a single sync request, so a less code than without SSL. Now contacts https://wiki.overbyte.eu/wiki.
  12. A lot of changes have been made preparing ICS for Linux. Corrected loading OpenSSL on Posix, now loads the system supplied OpenSSL 3 DLLs on Ubuntu 22.04. The Linux package now builds correctly, but beware WSocket is not yet supported on Linux so no protocols will work. There is a new IcsPemTest FMX sample that works on Ubuntu 22.04 and which will create ICS signed SSL certificates. Note, MacOS support is disabled pending the new Posix implementation.

Changes in ICS V9.2 include:

  1. V9.2 is a minor release, fixing a few issues introduced in the last major release, and other bugs located since. There are no breaking or installation changes from V9.1, but if updating from earlier releases please read https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1
  2. TIcsMailQueue can now queue a prepared EML file created by another application, or perhaps received by the SMTP Server. Added optional SkipEmpty argument to StartMailQu method so queue is not started unless there are pending emails waiting to be sent. The sample has 'Send Prepared EML File' to queue an existing EML file rather then preparing email with properties.
  3. Improved email MIME decoding by supporting embedded boundaries, usually for multipart/alternative parts, within a multipart/mixed message, using code written 20 years ago but suppressed for some reason. Previously these parts were sometimes left encoded within a part. There is a new property LooseRFC to allow decoding if the boundaries in the body are missing the two required hyphens, usually because the boundary also begins with hyphens. TMimeDecodeEx should now always return the body if no MIME parts are found, and TPartInfo has PLevel which is Part Level, and PInfo which is displayable part information for logs. The MimeDDemo sample has various improvements to test these features.
  4. Fixed a nasty Win64 problem reading EC certificates from the Windows Store, which may have caused server crashes, also reproducible in the PemTool listing the Windows Store. This was due to Win64 bad initialisation of a buffer used for a Crypto API call that failed.
  5. The HTTP client now check the URL always has / at start of the path, ie add it for test.com?query. In the REST client, added a sanity check for RawParameters to encode any spaces, which can break the HTTP request. After a file download completed, check actual file size against response size. The multipart/form-data MimeBoundary no longer includes extra -- at start that are required preceding boundaries within parts, some web servers may have been unable to decode our MIME encoding.
  6. The HTTP server has a new method AnswerRedirect for various redirection responses to a new URL. When accessing the default document in a path without a trailing path delimited /, redirect using 301 to the correct path with delimiter instead of adding it locally and displaying the document which will then incorrectly link to pages in a higher level directory. Using the THttpOption hoAddMissPath redirects if the default document is missing perhaps a template or virtual document. Fixed a bug where authenticated POST/PUT requests always returned a 404 error. Added AnswerBodyTB client response with TBytes binary, similar to AnswerString, tested in the sample by supporting favicon.ico request. Check if the request HTTP version gets corrupted due to spaces in the URL, which are not allowed. The SslMultiWebServ sample has new web pages to test POST/PUT and template authentication.
  7. TSslX509Certs has a new function CertResetDomain to reset a certificate order state to None, if the order process stalls or gets confused due to errors. If AcmeV2StartChallgs fails because there are no pending challenges, reset to order to None so it starts again next time and does not loop.
  8. ICS not longer tries to load OpenSSL RAND_screen function that may be missing from recent DLLs.
  9. TIcsHttpMulti fixes a bug introduced in V8.66 that stopped the application setting authentication, rather than adding it to the URL, and a Win64 free stream bug.
  10. TIcsIpStrmLog correctly counts failed client connection attempts if ping is not used first to check the remote IP address. The sample has a new client Retry Attempts box to test this.
  11. Updated the Snippets sample to use authentication to access some the hardcoded URLs, which started failing after authentication was added to test web server bugs (see above).
  12. Added OverbyteIcsHttpThrd sample to show how to use TSslHttpRest component in a multi-threaded program.
  13. Improved Posix support for Linux and Android, not tested or supported yet. Beware SSL does not correctly load for Posix at the moment.
  14. Added support for a new feature release of OpenSSL 3.3 with {$DEFINE OpenSSL_33} in the Defs.inc file, ICS includes new versions of the active versions, 3.3.1, 3.2.2 and 3.0.14, but no longer includes 3.1 since there are two newer feature versions.
  15. Updated the 'ICS Intermediate Short' SSL certificates, used by ICS to generate temporary server certificates to allow SSL servers to run until a Let's Encrypt or commercial certificate is installed. It now expires after 200 days, 21st December 2024, after which self signed certificates will be used instead, unless a newer 'short' is installed.
  16. Only Delphi 10.41 and 10.42 (10.4 with updates 1 or 2) will install correctly with the new install packages, the original RTM version does not support the package LIB suffix: $(Auto) so you must change it manually for each package to 21.0.

Major Changes in ICS V9.1:

Although ICS V9.1 does not contain any new components, there are many other SSL/TLS changes that will affect existing applications, but make ICS easier to use and support for the future.

  1. Delphi 10.4 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages. Only C++ 10.4 and later are now supported, but untested.
  2. The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory: All these samples can now be built for Win32 and Win64 platforms.
    1. demos-delphi-vcl - 45 VCL samples for Windows.
    2. demos-delphi-extra - four VCL samples that need third party components to build.
    3. demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
    4. demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
    5. demos-data - data files for samples, such as web pages.
  3. To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase.
  4. Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading OpenSSL: Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
    1. DLLs linked into application as resource files
    2. DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
    3. OpenSSL DCU linked into application using commercial YuOpenSSL
    4. DLLs loaded from location specified in public variable GSSL_DLL_DIR
    5. DLLs loaded according to path, may be found anywhere on PC
  5. A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications.Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for allcomponents, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
  6. All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings.ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
  7. The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes, tested up to 8GB. The ICS web server samples have improved MIME decoding to accept massive uploads.
  8. Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.

Full release notes are at More detailed release notes are at ICS 9.1 Release Notes

More detailed instructions for updating to V9.1 are at [[Updating_projects_to_V9.1 | pdating projects to V9.1]


Major Changes in ICS V9.0 include:

New samples

Samples/Delphi/SslInternet/OverbyteIcsSnippets - Small samples of codes for FTP, HTTP, sockets and email.

Samples/Delphi/OtherDemos/OverbyteIcsNetMon - Internet Packet Monitoring Components, display packets and traffic using Npcap and raw sockets.

Samples/Delphi/OtherDemos/OverbyteIcsNetTools - Network Tools Demo, uses all the main IP Helper functions, also TTIcsNeighbDevices, TIcsDomainNameCache, IcsDnsQueuy, TDnsQueryHttps, TIcsWhoisCli, TIcsIpChanges, TPing and TPingThread.

Samples/Delphi/PlatformDemos/IcsHttpRestTstFmx - FMX HTTPS REST and OAuth, Send SMS and DNS over HTTPS functions demo.

Samples/Delphi/PlatformDemos/IcsSslMultiWebServ - FMX Advanced multi host web server demo.

Samples/Delphi/SslInternet/OverbyteIcsMQTTst - MQ Telemetry Transport message queuing service.


Major sample updates for new components

Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1 - Uses TSslWebSocketCli for WebSocket Client, New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins. Select client SSL certificate from the Windows Certificate Store.

Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ.dpr, OverbyteIcsDDWebService - Uses THttpWSSrvConn for WebSocket Server. IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client. WebSocket server support. Uses TIcsDomainNameCache for multiple reverse DNS lookups.

Samples/Delphi/SslInternet/OverbyteIcsPemTool - Can now export an SSL certificate from the Windows Certificate Store with its private key.

Samples/delphi/OtherDemos/OverbyteIcsBatchDnsLookup - Uses TIcsDomainNameCache for multiple lookups.

Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd, OverbyteIcsSslMailRcv, OverbyteIcsMailQuTst - New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins.

Samples/delphi/OtherDemos/OverbyteIcsNsLookup - Uses single or multiple DNS servers, including built-in list of public servers, also sync requests.


New Components

TIcsDomainNameCache and TIcsDomNameCacheHttps - cache forward and reverse DNS lookup requests, using several methods.

TIcsMonSocket - Internet monitoring using raw sockets.

TIcsMonPcap - Internet monitoring using Npcap NDIS driver.

TIcsIpChanges - Monitors IP address changes dynamically.

TIcsNeighbDevices - Builds historic LAN MAC device and IPv4 and IPv6 address table using ARP, neighbourhood and IP range scanning with reverse host lookup.

TOAuthBrowser - OAuth authentication browser window VCL/FMX form.

TSslWebSocketCli - WebSocket client protocol.

TIcsMQTTServer and TIcsMQTTClient - MQ Telemetry Transport message queuing service, client and server.


Major Component Upgrades

TDnsQuery - Add synchronous methods and more response properties. Check multiple DNS server hosts including public DNS lists.

TSslWSocketServer - IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client.

TIcsFtpMulti - Send NOOP command periodically during multi hour transfers so connections are not closed accidentally.


New classes and Functions

THttpWSSrvConn - WebSocket server protocol.

Internet Helper Functions - Unit OverbyteIcsIpHlpApi.pas includes IpHlpConnsTable, IpHlpAdaptersInfo, IpHlpAdaptersAddr, IpHlpIpAddrTable, IpHlpIpNeighbTable, IpHlpIPForwardTable, IpHlpIpPathTable, IpHlpGetDnsServers, IpHlpIfTable2,

IpHlpIPStatistics, IpHlpUDPStatistics and many other functions.

TIcsMonFilterClass - Filter network traffic on protocols or IP addresses.

TIcsTrafficClass - Maintains network traffic statistics by protocols and IP addresses.


More detailed release notes are at ICS 9.0 Release Notes

Overbyte Website

There are four options to obtain the source code.

Download from Overbyte web site

ICS-V9 is the long term development version and needed for RAD Studio XE4 and later, it supports Delphi 7 and later.

Latest Stable Version ICS V9.3 - recommended

This is the latest recommended version, which has been tested and used for various published ICS application. It is updated for new releases of RAD Studio and major changes. V9.2 is the version displayed when RAD Studio starts and by the main unit OverbyteIcsWSocket. Note these versions include the latest version of the OpenSSL DLLs at the time of release.

Download Platforms
ICS-V9.3 Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 10.4, 11 and 12. Includes OpenSSL 3.3.2, 3.2.3 and 3.0.15.
ICS-V9.3 Delphi 10.4, 11 and 12 only. Includes OpenSSL 3.3.2, 3.2.3 and 3.0.15.
ICS-V9.2 Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 10.4, 11 and 12. Includes OpenSSL 3.0.14. 3.2.2 and 3.3.1.
ICS-V9.2 Delphi 10.4, 11 and 12 only. Includes OpenSSL 3.0.14. 3.2.2 and 3.3.1.
ICS-V9.1 Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 10.4, 11 and 12. Includes OpenSSL 3.0.13. 3.1.5 and 3.2.1.
ICS-V9.1 Delphi 10.4, 11 and 12 only. Includes OpenSSL 3.0.13. 3.1.5 and 3.2.1.
ICS-V9.0 Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12, C++ Builder 2006 to XE3, 10.2, 10.3, 10.4, 11 and 12. Includes OpenSSL 3.1.2.
ICS-V9.0 Delphi 12 only. Includes OpenSSL 3.1.2.
ICS-V9.0 Delphi 11 only. Includes OpenSSL 3.1.2.
ICS-V9.0 Delphi 10.4 only. Includes OpenSSL 3.1.2.
ICS-V8.70 Delphi 7 to XE8, 10, 10.1, 10.2, 10.3, 10.4 and 11, C++ Builder 2006 to XE3, 10.2, 10.3, 10.4 and 11. Includes OpenSSL 3.0.7.
ICS-V8.70 Delphi 11 only. Includes OpenSSL 3.0.7.
ICS-V8.70 Delphi 10.4 only. Includes OpenSSL 3.0.7.

From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed. The same stable ICS versions listed above should be available from GetIt.

Zipped Daily Snapshots

This is the easiest way to get the latest version. These packages are built from the version control repositories automatically when they change and are refreshed once a day. To use the latest OpenSSL version, download this snapshot. Note the snapshot includes the latest version of the OpenSSL DLLs.

Download Changes log
ICS-V9 Snapshot View

Archives

Download Changes log
ICS-V9.1 Archived Samples
ICS-V8 Archive View
ICS-V7 Archive View
ICS-V6 Archive View
ICS-V5 Archive View

Version Control System

Using the version control repository is the best choice if you want to get live access to current development files. Overbyte uses a Subversion server and you need to use a Subversion client such as TortoiseSVN or your favorite browser. The URLs are as follows:

ICS Version SVN URL HTTP URL
ICS-V9 svn://svn.overbyte.be/icsv9 https://svn.overbyte.be/svn/icsv9
ICS-V8 svn://svn.overbyte.be/ics/trunk https://svn.overbyte.be/svn/ics/trunk
ICS-V7 svn://svn.overbyte.be/ics/tags/icsv7 https://svn.overbyte.be/svn/ics/tags/icsv7
ICS-V6 svn://svn.overbyte.be/ics/tags/v6_obsolete https://svn.overbyte.be/svn/ics/tags/v6_obsolete
ICS-V5 svn://svn.overbyte.be/icsv5 https://svn.overbyte.be/svn/icsv5

Use username = ics and password = ics for read access. Write access is only available to TeamICS.

Download OpenSSL Binaries

The OpenSSL binaries are required for all ICS SSL-enabled components.

The 64-bit DLLs are only for use with Delphi applications compiled for the 64-bit platform, the 32-bit DLLs work on both 32-bit and 64-bit Windows with 32-bit applications.

Please note older versions of the ICS source code had an internal check to only allow loading of the latest OpenSSL it was tested with, so you could not use new DLLs with an old application without recompiling with the latest version of ICS first.

OpenSSL 1.0.2 and later were only supported by ICS v8, v7 is no longer updated for new OpenSSL versions. This was a long term support version for which free support ceased at the end of 2019 unless you have an OpenSSL Premium Level Support contract for $50,000/year. ICS V8.65 was the last version to support 1.0.2.

OpenSSL 1.1.0 is obsolete and no longer supported. ICS V8.65 is the last version to support 1.1.0.

OpenSSL 1.1.1 was a long term support version and added support for TLSv1.3 RFC8446 and various new cryptographic private key and hash digest types. Delphi applications require ICS V8.57 or later. ICS V8.57 and later include the Win32 and Win64 OpenSSL 1.1.1 files. Support ceased in September 2023 unless you have an OpenSSL Premium Level Support contract for $50,000/year. OpenSSL 1.1.1 only supports Windows Vista and later, not XP. ICS V9.0 was the last version to support 1.1.1.

OpenSSL 3.0 is a major new release, primarily a lot of internal changes to ease long term support. ICS 8.67 is required to support 3.0. There is an optional FIPS module with 3.0 but not available here since our DLLs are not built to standards required for certification. The old engines for special extensions are replaced by new more versatile providers of which the FIPS module is one, a provider legacy.dll contained in the distribution has obsolete ciphers and hash digests that most applications no longer need and which needs to loaded by the application. This version will be supported until September 2026.

OpenSSL 3.1 is a minor new release, primarily FIPS improvements. ICS 8.67 is required to support 3.1. This version will be supported until March 2025. ICS is no longer updating these DLLs.

OpenSSL 3.2 is a minor new release with QUIC client support for HTTP/3 and many other improvements. ICS 8.67 is required to support 3.2. This version will be supported until November 2025.

OpenSSL 3.3 is a minor new release, minor QUIC and other features. ICS 8.67 is required to support 3.3. This version will be supported until April 2026.

OpenSSL 3.4 is a minor new release, minor newr features. ICS 8.67 is required to support 3.4. There is a bug fix in ICS 9.4. This version will be supported until October 2026.

Please note that ICS does not use any of the new features in OpenSSL 3.2 or later at present, so continuing to use the latest patch version of 3.0 with security fixes is generally fine.

The OpenSSL DLLs and EXE files included in the zips above are digitally code signed 'Magenta Systems Ltd', one of the organisations that maintains ICS. The Magenta Systems Code Signing Trust and Certificate Check component may be used to check the correctly signed DLLs are being used by ICS, with this functionality included in ICS V8.38 and later. Beware that Windows needs recent root certificates to check newly signed code, and may give an error if the root store has not been kept current by Windows Update, particularly on older versions of Windows such as XP, Vista and 7.

Date Download Description Comments
2024-10-25 OpenSSL Binaries Win-64 3.4.0 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-10-25 OpenSSL Binaries Win-32 3.4.0 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017

Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.

2024-09-05 OpenSSL Binaries Win-64 3.3.2 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-09-05 OpenSSL Binaries Win-32 3.3.2 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017

Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.

2024-09-05 OpenSSL Binaries Win-64 3.2.3 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-09-05 OpenSSL Binaries Win-32 3.2.3 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017

Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.

2024-09-05 OpenSSL Binaries Win-64 3.0.15 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-09-05 OpenSSL Binaries Win-32 3.0.15 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-06-06 OpenSSL Binaries Win-64 3.3.1 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-06-06 OpenSSL Binaries Win-32 3.3.1 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017

Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.

2024-06-06 OpenSSL Binaries Win-64 3.2.2 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-06-06 OpenSSL Binaries Win-32 3.2.2 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017

Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.

2024-06-06 OpenSSL Binaries Win-64 3.0.14 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-06-06 OpenSSL Binaries Win-32 3.0.14 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-02-05 OpenSSL Binaries Win-64 3.1.5 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.
2024-02-05 OpenSSL Binaries Win-32 3.1.5 requires ICS V8.67 or later Built with Visual Studio Build Tools 2017

Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP. Includes a compiled RES resource file with the same files.

2023-09-21 OpenSSL Binaries Win-64 1.1.1w requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2023-09-21 OpenSSL Binaries Win-32 1.1.1w requires ICS V8.57 or later Built with Visual Studio Build Tools 2017 Supports TLSv1.3. Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2020-03-18 OpenSSL Binaries Win-64 1.0.2u requires ICS V8.24 to ICS V8.65 Built with Visual Studio Build Tools 2017 For 64-bit applications only (XE2+). Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.
2020-03-18 OpenSSL Binaries Win-32 1.0.2u requires ICS V8.24 to ICS V8.65 Built with Visual Studio Build Tools 2017 Use with 32-bit applications on Windows 64-bit. Digitally code signed. Only supports Windows Vista/Server 2008, and later, not Windows XP.

Download OpenSSL Binaries (alternative)

OpenSSL website also links to Win32OpenSSL website providing another build of Win32 DLL binaries. Note note that unlike the builds above builds on that site may have dependencies on Visual C++ 2008 Redistributables (to keep dll files smaller) so make sure you include all the required (and correct) redistributable files in your software installation. You probably don't have to care about that if you use binaries above at the cost of slightly larger DLLs. Also note that site does not keep archives of older versions so you may want to watch their page if you prefer their binaries.