Difference between revisions of "ICS V8.50"
Line 16: | Line 16: | ||
== New Proxy Components == | == New Proxy Components == | ||
− | |||
TIcsProxy may be used to proxy any TCP protocol, the sample includes | TIcsProxy may be used to proxy any TCP protocol, the sample includes | ||
Line 24: | Line 23: | ||
http:// to https:// or vice versa. There is a new non-interactive | http:// to https:// or vice versa. There is a new non-interactive | ||
proxy server sample application illustrating use of the components. | proxy server sample application illustrating use of the components. | ||
− | |||
== Multiple SSL host support with IcsHosts == | == Multiple SSL host support with IcsHosts == | ||
− | |||
Added multiple SSL host support to TSslWSocketServer and to | Added multiple SSL host support to TSslWSocketServer and to | ||
Line 47: | Line 44: | ||
collection, as a simple non-interactive servers supporting up to 100 | collection, as a simple non-interactive servers supporting up to 100 | ||
different SSL hosts. | different SSL hosts. | ||
− | |||
== OpenSSL 1.1.0 Support == | == OpenSSL 1.1.0 Support == | ||
− | |||
ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the | ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the | ||
Line 57: | Line 52: | ||
unauthorised versions are not used. Most of the new functionality in | unauthorised versions are not used. Most of the new functionality in | ||
1.1.0 is supported including security levels. | 1.1.0 is supported including security levels. | ||
− | |||
== PKCS12 (PFX), PKCS8 and DER binary SSL certificates == | == PKCS12 (PFX), PKCS8 and DER binary SSL certificates == | ||
− | |||
ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL | ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL | ||
Line 68: | Line 61: | ||
certificate errors. Certificates and keys can be loaded from strings | certificate errors. Certificates and keys can be loaded from strings | ||
as well as files so they can be built into applications. | as well as files so they can be built into applications. | ||
− | |||
− | |||
== Support for EC Certificate Keys == | == Support for EC Certificate Keys == | ||
− | |||
SSL certificates and requests can be created using EC keys which | SSL certificates and requests can be created using EC keys which | ||
Line 86: | Line 76: | ||
create self signed certificates, convert certificates between different | create self signed certificates, convert certificates between different | ||
forms, create bundles and report what is in bundles. | forms, create bundles and report what is in bundles. | ||
− | |||
== HTML Content Unicode Conversion == | == HTML Content Unicode Conversion == | ||
− | |||
ICS adds new functions to assist with determining the character set | ICS adds new functions to assist with determining the character set |
Revision as of 12:10, 14 November 2018
Major changes in ICS V8.50 include:
1 - Two new components: TIcsProxy may be used to proxy any TCP protocol; TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
2 - Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
3 - Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
4 - ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM. The server certificate chain can be validated and reported before the server starts.
5 - SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
6 - HTML content code page detection and character set conversion to Delphi Unicode strings, including converting entities (like ☍).
New Proxy Components
TIcsProxy may be used to proxy any TCP protocol; the sample includes SMTP, POP3, NNTP and telnet. TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing, and processing of host names and URLs to match the source and destination, i.e. changing http:// to https:// or vice versa. There is a new non-interactive proxy server sample application illustrating use of the components.
Multiple SSL host support with IcsHosts
Added multiple SSL host support to TSslWSocketServer and to TSslHttpServer and TSslHttpAppSrv and TIcsProxy. Previously, although the servers supported multiple IP addresses and ports, a lot of application code was needed to support multiple hosts, SSL certificates and separate directories for separate sites.
There is a new IcsHosts property which allows multiple hosts to be specified, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates and private key, SSL context and security level, and other web server host related properties, requiring minimal extra application code for SSL support. Includes .well-known directory support.
The new Multi Web Server sample combines features of the existing web server samples, adding multiple host support using the new IcsHosts collection, as a simple non-interactive server supporting up to 100 different SSL hosts.
OpenSSL 1.1.0 Support
ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the OpenSSL DLLs digitally signed and checked during loading to ensure unauthorised versions are not used. Most of the new functionality in 1.1.0 is supported including security levels.
PKCS12 (PFX), PKCS8 and DER binary SSL certificates
ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions. The server certificate chain can be validated and reported before the server starts, to avoid certificate errors. Certificates and keys can be loaded from strings as well as files so they can be built into applications.
Support for EC Certificate Keys
SSL certificates and requests can be created using EC keys, which use less bandwidth than RSA keys, and alternate DNS names may be used, as may other extended properties. ICS will now sign certificate requests as a CA and create certificate bundles (PEM or PKCS12) with private key, certificate and intermediates to simplify distribution.
The OverbyteIcsPemTool GUI sample application illustrates all the new SSL certificate functionality and will create private RSA and EC keys, create DH keys, certificate requests, sign requests as a CA, create self signed certificates, convert certificates between different forms, create bundles and report what is in bundles.
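The same workflow (EC key, request, CA signing with alternate DNS names, PKCS12 bundle, chain validation before a server starts) can be reproduced with the openssl command line to cross-check what a bundle contains. This is an added example, not ICS code or part of the original page; the subject names, file names and password are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: throwaway CA, host names and password are made up.
set -eu

# Build a CA, an EC server key, a CA-signed certificate with alternate
# DNS names, and a PKCS12 bundle, all inside directory $1.
make_chain() {
    dir=$1
    # 1. Throwaway CA with an EC (P-256) key, self-signed.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key"
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 30 \
        -subj "/CN=Demo Test CA" -out "$dir/ca.pem"
    # 2. Server EC key and certificate request.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/srv.key"
    openssl req -new -key "$dir/srv.key" -subj "/CN=www.example.test" \
        -out "$dir/srv.csr"
    # 3. Sign the request as the CA, adding alternate DNS names.
    printf 'subjectAltName=DNS:www.example.test,DNS:example.test\n' \
        > "$dir/san.ext"
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 -sha256 \
        -extfile "$dir/san.ext" -out "$dir/srv.pem" 2>/dev/null
    # 4. Bundle key, certificate and issuer into one PKCS12 (PFX) file.
    openssl pkcs12 -export -inkey "$dir/srv.key" -in "$dir/srv.pem" \
        -certfile "$dir/ca.pem" -passout pass:demo-only \
        -out "$dir/srv.pfx"
}

# Succeeds only if certificate $2 chains to the trusted CA file $1.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the server certificate inside the bundle in
# directory $1 carries DNS name $2 as an alternate name.
bundle_has_name() {
    openssl pkcs12 -in "$1/srv.pfx" -passin pass:demo-only \
        -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -text | grep -q "DNS:$2"
}

# Stand-alone run: build one chain and validate it before "starting".
work=$(mktemp -d)
make_chain "$work"
check_chain "$work/ca.pem" "$work/srv.pem" && echo "chain OK"
bundle_has_name "$work" example.test && echo "bundle has alternate name"
```

Running `check_chain` against the wrong CA file fails, which is the error a pre-start chain check is meant to surface.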
HTML Content Unicode Conversion
ICS adds new functions to assist with determining the character set and codepage for HTML content received from HTTP servers, and to convert to Delphi Unicode strings, including checking header charset, meta data, BOM and optionally converting entities (like ☍).