How can I support SSL and non-SSL traffic on the same port using TIdTCPServer and OpenSSL in Delphi XE3?

I am trying to configure a web server in Delphi XE3 using Indy and OpenSSL, which can serve traffic through HTTP and HTTPS connections on the same port.

I saw two main approaches to this, and neither of them works for me.

First: front TLS / SSL. This includes reading the first few bytes of the stream to search for the “Client-Hello” part of the unsafe handshake and (if found) causing the SSL server acknowledgment response, but if I do this, the OpenSSL library will not recognize the handshake because I deleted the leading message bytes.

Second: TLS after STARTTLS (or equivalent). This includes sending a special character set (STARTTLS) followed immediately by “Client-Hello”. The server then leaves the wrong SSL chain message to go to the OpenSSL library. The problem with this approach is that most web browsers do not support it (RFC 2817).

For a brief overview of the two approaches, see here (What happens on the wire when setting up a TLS / LDAP or TLS / HTTP connection?).

How can I support SSL and non-SSL traffic on the same port using TIdHTTPServer and OpenSSL in Delphi XE3?

+5
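The first approach in the question fails because the detection read consumes the start of the ClientHello. As an added illustration (not code from the post and not Indy code), the sketch below uses plain Python sockets to inspect the first bytes with `MSG_PEEK`, so they stay queued for whichever reader handles the connection next; the function names and sample bytes are constructed for this example.

```python
import socket
import time

HTTP_METHODS = (b"GET ", b"POST", b"HEAD", b"PUT ", b"DELE", b"OPTI", b"PATC", b"CONN", b"TRAC")

def classify_first_bytes(head: bytes) -> str:
    """Return 'tls', 'http', 'unknown' or 'need-more' for the first bytes of a stream."""
    if len(head) < 6:
        return "need-more"
    # TLS record header: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # followed by handshake message type 0x01 (ClientHello).
    if head[0] == 0x16 and head[1] == 0x03 and head[2] <= 0x04 and head[5] == 0x01:
        return "tls"
    if head[:4] in HTTP_METHODS:
        return "http"
    return "unknown"

def peek_and_classify(conn: socket.socket, timeout: float = 5.0) -> str:
    """Classify a connection without consuming anything from its receive queue."""
    deadline = time.monotonic() + timeout
    conn.settimeout(timeout)
    while True:
        try:
            head = conn.recv(6, socket.MSG_PEEK)  # peeked bytes remain queued
        except socket.timeout:
            return "unknown"
        if not head:
            return "closed"  # peer closed before sending anything
        kind = classify_first_bytes(head)
        if kind != "need-more" or time.monotonic() > deadline:
            return kind
        time.sleep(0.01)  # partial header so far; wait for the rest

def demo():
    # Constructed sample: the first bytes of a TLS ClientHello record (truncated).
    hello = bytes.fromhex("160301002e0100002a0303")
    results = []
    for payload in (hello, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"):
        client, server = socket.socketpair()
        client.sendall(payload)
        kind = peek_and_classify(server)
        # A normal read after the peek still sees the stream from byte 0.
        results.append((kind, server.recv(len(payload)) == payload))
        client.close()
        server.close()
    return results

if __name__ == "__main__":
    print(demo())
```
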
2 answers

, , Indy . SSL API OpenSSL, - , , . . :

1) libpcap/Winpcap , , .

2) TIdIOHandler, API BIO API OpenSSL API Microsoft SChannel, / , .

+1

, Internet Direct (Indy) - HTTP- Apache , : ) ; ) , , c) .

https://serverfault.com/questions/359461/apache-answer-both-http-and-https-on-the-same-port

Apache. Apache HTTPS HTTP .

-, HTTPS/OpenVPN SSH , . , HTTPS HTTP.

+2
