Difference between revisions of "ICS V8.50"

From Overbyte
Jump to navigation Jump to search
(Created page with "Major changes in ICS V8.50 include: 1 - Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with...")
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
Major changes in ICS V8.50 include:
+
'''Major changes in ICS V8.50 include:'''
  
1 - Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
+
# Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
 +
# Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
 +
# Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
 +
# ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM. The server certificate chain can be validated and reported before the server starts.
 +
# SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
 +
# HTML content code page detection and character set conversion to Delphi unicode strings, including converting entities (like ☍).
  
2 - Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
+
== New Proxy Components ==
 
 
3 - Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
 
 
 
4 - ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM. The server certificate chain can be validated and reported before the server starts.
 
 
 
5 - SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
 
 
 
6 - HTML content code page detection and character set conversion to Delphi unicode strings, including converting entities (like ☍).
 
 
 
 
 
'''New Proxy Components'''
 
  
 
TIcsProxy may be used to proxy any TCP protocol, the sample includes
 
TIcsProxy may be used to proxy any TCP protocol, the sample includes
Line 23: Line 17:
 
proxy server sample application illustrating use of the components.
 
proxy server sample application illustrating use of the components.
  
 
+
== Multiple SSL host support with IcsHosts ==
'''Multiple SSL host support with IcsHosts'''
 
  
 
Added multiple SSL host support to TSslWSocketServer and to
 
Added multiple SSL host support to TSslWSocketServer and to
Line 44: Line 37:
 
different SSL hosts.
 
different SSL hosts.
  
 
+
== OpenSSL 1.1.0 Support ==
'''OpenSSL 1.1.0 Support'''
 
  
 
ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the
 
ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the
Line 52: Line 44:
 
1.1.0 is supported including security levels.
 
1.1.0 is supported including security levels.
  
 
+
== PKCS12 (PFX), PKCS8 and DER binary SSL certificates ==
'''PKCS12 (PFX), PKCS8 and DER binary SSL certificates'''
 
  
 
ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL
 
ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL
Line 61: Line 52:
 
as well as files so they can be built into applications.
 
as well as files so they can be built into applications.
  
 
+
== Support for EC Certificate Keys ==
'''Support for EC Certificate Keys'''
 
  
 
SSL certificates and requests can be created using EC keys which
 
SSL certificates and requests can be created using EC keys which
Line 76: Line 66:
 
forms, create bundles and report what is in bundles.
 
forms, create bundles and report what is in bundles.
  
 
+
== HTML Content Unicode Conversion ==
'''HTML Content Unicode Conversion'''
 
  
 
ICS adds new functions to assist with determining the character set
 
ICS adds new functions to assist with determining the character set

Latest revision as of 18:34, 14 November 2018

Major changes in ICS V8.50 include:

  1. Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
  2. Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
  3. Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
  4. ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM. The server certificate chain can be validated and reported before the server starts.
  5. SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
  6. HTML content code page detection and character set conversion to Delphi unicode strings, including converting entities (like ☍).

New Proxy Components

TIcsProxy may be used to proxy any TCP protocol, the sample includes SMTP, POP3, NNTP and telnet. TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing host names and URLs to match the source and destination, ie changing http:// to https:// or vice versa. There is a new non-interactive proxy server sample application illustrating use of the components.

Multiple SSL host support with IcsHosts

Added multiple SSL host support to TSslWSocketServer and to TSslHttpServer and TSslHttpAppSrv and TIcsProxy. Previously, although the servers supported multiple IP addresses and ports, a lot of application code was needed to support multiple hosts, SSL certificates and separate directories for separate sites.

There is a new IcsHosts property which allows multiple hosts to be specified, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates and private key, SSL context and security level, and other web server host related properties, requiring minimal extra application code for SSL support. Includes .well-known directory support.

The new Multi Web Server sample combines features of the existing web server samples adding multiple host support using the new IcsHosts collection, as a simple non-interactive servers supporting up to 100 different SSL hosts.

OpenSSL 1.1.0 Support

ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the OpenSSL DLLs digitally signed and checked during loading to ensure unauthorised versions are not used. Most of the new functionality in 1.1.0 is supported including security levels.

PKCS12 (PFX), PKCS8 and DER binary SSL certificates

ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions. The server certificate chain can be validated and reported before the server starts, to avoid certificate errors. Certificates and keys can be loaded from strings as well as files so they can be built into applications.

Support for EC Certificate Keys

SSL certificates and requests can be created using EC keys which use less bandwidth than RSA keys and alternate DNS names may be used as may other extended properties. ICS will now sign certificate requests as a CA and create certificate bundles (PEM or PKCS12) with private key, certificate and intermediates to simplify distribution.

The OverbyteIcsPemTool GUI sample application illustrates all the new SSL certificate functionality and will create private RSA and EC keys, create DH keys, certificate requests, sign requests as a CA, create self signed certificates, convert certificates between different forms, create bundles and report what is in bundles.

HTML Content Unicode Conversion

ICS adds new functions to assist with determining the character set and codepage for HTML content received from HTTP servers, and to convert to Delphi unicode strings, including checking header charset, meta data, BOM and optionally converting entities (like ☍).