IndySockets / Indy

Indy - Internet Direct
https://www.indyproject.org

no more TCP-TLS in v10.6.3.3 #535

Open JB-DX opened 2 weeks ago

JB-DX commented 2 weeks ago

In Berlin I upgraded Indy from 10.6.2.5341 to 10.6.3.3. Strangely, right-clicking a component now shows 10.6.2.0 (before it was 10.6.2.5341), but gsIdVersion reports 10.6.3.3.

Even worse: after re-compiling my TcpClient application it now connects without TLS. No error is shown. I only noticed that because the OnVerifyPeer event doesn't get fired anymore to show certificate details. Wireshark confirms that. The connection to the server is made, so at first glance it looked normal.

On a Delphi 12 machine my source got compiled by a friend, and his .exe behaves the same: no TLS. This Delphi 12 is an out-of-box installation, with its Indy. Strangely, that Indy shows 10.6.2.0, not 10.6.3.x.

So why is TLS disabled? Is there anything to add to the code compared to 10.6.2.5341? I found no hint suggesting that.

rlebeau commented 2 weeks ago

If you install 10.6.3.3 properly, the IDE should show 10.6.3.3 everywhere (right-click, about box, etc). If you are still seeing 10.6.2.0 then you didn't remove/replace the old version, or you left it behind on your HDD and the IDE is finding that version instead of the new version. See https://github.com/IndySockets/Indy/wiki/Updating-Indy

The old version number dropping from 10.6.2.5341 down to 10.6.2.0 was due to a migration from SVN to GitHub (see #292). That issue was recently addressed in 10.6.3.0, after Delphi 12's release. At this time, no 10.6.3.x version has shipped with any IDE release yet. The next major Delphi version will probably pick up the latest version when the time comes.

Regarding the TLS issue, make sure you are setting the SSLIOHandler's PassThrough property to False (ie TLS enabled). It is set to True by default (ie TLS disabled). It is disabled by default to facilitate protocols that use STARTTLS-like commands. Years ago, PassThrough was False by default, which was actually a bug, and was fixed in late August 2019 - a few months before Indy migrated to GitHub and its version number dropped to 10.6.2.0. So, 10.6.2.5341 was likely a buggy version and you have been relying on the bug all along. So just update your code/dfm to set PassThrough=False explicitly when needed (ie, before Connect() for implicit TLS, or after Connect() for explicit TLS), and you should be fine.
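A minimal sketch of the implicit-TLS case described in the comment above, as an added example that is not part of the original thread or Indy's own code: it sets PassThrough to False before Connect() and then refuses to continue if the connection is still plaintext. The host, port and the `RequireTls` helper are hypothetical.

```delphi
program TlsClientDemo;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, IdTCPClient, IdSSL, IdSSLOpenSSL;

const
  // Assumed values for illustration only.
  DemoHost = 'server.example';
  DemoPort = 8443;

// Hypothetical helper: fail closed when the socket is not wrapped in TLS,
// so a plaintext connection cannot go unnoticed.
procedure RequireTls(AClient: TIdTCPClient);
begin
  if not (AClient.IOHandler is TIdSSLIOHandlerSocketBase) or
     TIdSSLIOHandlerSocketBase(AClient.IOHandler).PassThrough then
  begin
    AClient.Disconnect;
    raise Exception.Create('Connection is plaintext (PassThrough = True)');
  end;
end;

var
  Client: TIdTCPClient;
  SSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  try
    Client := TIdTCPClient.Create(nil);
    try
      SSL := TIdSSLIOHandlerSocketOpenSSL.Create(Client); // owned by Client
      SSL.SSLOptions.SSLVersions := [sslvTLSv1_2];
      Client.IOHandler := SSL;
      Client.Host := DemoHost;
      Client.Port := DemoPort;
      // Implicit TLS: enable TLS before Connect(). For explicit TLS
      // (STARTTLS-like), leave PassThrough True, Connect(), send the
      // upgrade command, and only then set PassThrough := False.
      SSL.PassThrough := False;
      Client.Connect;
      RequireTls(Client); // guard against a silent plaintext session
      Writeln('TLS active');
    finally
      Client.Free;
    end;
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
```

Certificate verification (VerifyMode and the OnVerifyPeer event mentioned in the original post) is configured separately and is not shown here.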

JB-DX commented 2 weeks ago

Thank you Remy! I was not aware of PassThrough. It now works fine. Because I had a similar problem with TIdTCPServer, I found PassThrough needs to be False there also. Since I was familiar with TIdHTTP, where adding TIdServerIOHandlerSSLOpenSSL resulted in working TLS, I expected the same would be the case with TIdTCPClient. Now I know better.

Regarding the version number display: I would have agreed with you, but it now shows 10.6.2.0 instead of the previous 10.6.2.5341, so the old version got changed during the update. I did follow the instructions of https://github.com/IndySockets/Indy/wiki/Updating-Indy. I will try it again.