[DUG] OpenSSL/Heartbleed
John Bird
johnkbird at paradise.net.nz
Fri Apr 11 04:37:51 NZST 2014
Is there any parts of Delphi/Indy/ICS/Android environments etc that might
contain the Open SSL bug? (ie does anything use OpenSSL?)
I understand the bug has been present for 2 years, so earlier *should* be
OK, how about anything in the XE5 environment?
I understand there is a separate issue in that programs that are OK that
communicate with eg an unpatched Apache web server will still be vulnerable.
I also read that Android 4.1.1 is also vulnerable
Some information about what uses what:
(MacOS, Indy uses OpenSSL):
http://www.monien.net/delphi-xe5-ssl-https-on-different-platforms-with-tidhttp-and-trestclient/
eg "Using SSL/HTTPS with Indy’s TIdHttp (or through TRESTClient – which is
effectively based on TIdHttp) requires external OpenSSL libraries, which is
something most of us probably learned in the past."
http://www.delphigroups.info/2/12/215507.html
Earlier Delphi versions:
http://stackoverflow.com/questions/18191679/which-is-current-correct-indy-and-open-ssl-versions-to-use-with-delphi2007
Googles fixes:
http://googleonlinesecurity.blogspot.com.au/2014/04/google-services-updated-to-address.html
More information about the Delphi
mailing list