TLSServer Component

Properties   Methods   Events   Config Settings   Errors  

The TLSServer component implements server-side functionality of the TLS protocol. In the TLS-disabled mode it works as a plain TCP server.

Syntax

TsbxTLSServer

Remarks

Use this component to accept TLS-encrypted or plain TCP connections in your application.

Follow the below steps to set up and run the server in your code:

• Create an instance of the server component and set up the license, if assumed by the edition you are using: var server = new Tlsserver(); server.RuntimeLicense = "5342..0000";
• Set up the listening port (make sure it is not in use): server.Port = 3456;
• Tell the component whether TLS connections should be enforced: server.UseTLS = false; // set to true to enable TLS
• (TLS-enabled servers only) Configure TLS parameters. The exact way of doing that may vary for different scenarios and security requirements. At the very least you need to set up the certificate chain that the server will use to authenticate itself to connecting clients. If you don"t, the component will generate a dummy certificate itself, however, that certificate is unlikely to pass any security requirements. It will let you accept test connections though.

  Below is an example of tuning up the TLS parameters of the server: // *** Switching TLS on and enabling the implicit mode *** server.UseTLS = true; server.TLSSettings.TLSMode = smImplicitTLS; // Loading the certificate chain var mgr = new Certificatemanager(); mgr.RuntimeLicense = "5342..0000"; // *** Setting up the host certificate *** // - it should be issued in the name that matches the hostname (such as domain.com) or its IP address (1.2.3.4), // - it must have an associated private key - so likely is provided in PFX or PEM format. mgr.ImportFromFile("CertTLSServer.pfx", "password"); server.ServerCertificates.Add(mgr.Certificate); // The CA certificate: this is to help connecting clients validate the chain. mgr.ImportFromFile("CertCA.cer", ""); server.ServerCertificates.Add(mgr.Certificate); // *** Adjusting finer-grained TLS settings *** // - session resumption (allows for faster handshakes for connections from the same origin) server.TLSSettings.UseSessionResumption = true; // - secure configuration server.TLSSettings.BaseConfiguration = stpcHighlySecure; // - disabling a cipher suite we dislike (just because we can): server.TLSSettings.Ciphersuites = "-DHE_RSA_AES128_SHA" // *** Configuring versions *** // The default version setting at the time of writing (May 2021) is TLS 1.2 and TLS 1.3, // but that may change in future versions. The following tune-up additionally activates TLS 1.1 and TLS 1.0, // which weakens security, but may be necessary to accept connections from older clients: server.TLSSettings.Versions = csbTLS1 | csbTLS11 | csbTLS12 | csbTLS13;

• Now that your server has been fully set up, activate it: server.Start();
• Once the Start call completes, your server can accept connections from clients. Each accepted connection runs in a separate thread, not interfering with each other or your own threads. The server communicates its ongoing activities to your application by throwing events:
  • Accept to notify you about a new incoming connection. This event lets you accept or reject it.
  • Connect to notify your code of an accepted connection. This event introduces a ConnectionID, a unique identifier that you can use to track the connection throughout its lifetime.
  • Disconnect to notify you that a connection has been closed.
  • TLSEstablished and TLSShutdown to let you know that a TLS layer has been activated/deactivated.
  • Data to notify you about a piece of data received from the remote side.
  • Error to report a protocol or other error.
  • CertificateValidate to communicate the client authentication event to your code. To access the certificate(s) provided by the authenticating client, pin the client and use the PinnedClientChain property to access its chain: server.PinClient(e.ConnectionID); e.Accept = CheckCert(server.PinnedClientChain);

  Note: every such event is thrown from the respective connection thread, so make sure you use some synchronization mechanism when dispatching the events to your UI thread - for example, by updating UI controls by sending a Window Message rather than accessing the controls directly.

  Use SendData and SendText to send data back to a client. When sending data, provide the ConnectionID that is associated with that client. Call DropClient to terminate a client connection.

• To stop the server, call Stop: server.Stop();

TLSServer and SSLLabs

Qualys SSLLabs (https://www.ssllabs.com/) has been long known as a comprehensive TLS site quality checking tool. It is now a de-facto standard and a sign of good taste to aspire for the best SSLLabs test result for your web presence. SecureBlackbox developers share that effort and want to help their customers build secure TLS endpoints that can be independently endorsed by third-party evaluators like SSLLabs.

Having said that, when assessing SecureBlackbox TLS-capable servers that are configured to use their default setup, you will often end up with a lower SSLLabs score than you could have. There is a simple reason for that. Being a vendor of a library used by thousands of customers, we have to find a delicate balance between security, compatibility, and keeping class contracts rolling from one product build to another. This makes the default configuration of the components not the strongest possible. To put it simple, we could easily make the default component setup bulletproof - but having done that, we would have likely ended up with hundreds of customers stuck with legacy environments (and there are a lot of them around) losing their connectivity.

If you are looking at achieving the best score at SSLLabs, please read on. The below guidance aims to help you tune up the server component in the way that should give you an A score.

First, switch your server to the highly secure base configuration: server.TLSSettings.BaseConfiguration = stpcHighlySecure; This should immediately give you an A, or a T if your server certificate does not chain up to a trusted anchor.

Some warnings will still be included in the report. One of those is related to the session resumption. It is normally shown in orange:

Session resumption (caching): No (IDs assigned but not accepted)

This literally means that the server is not configured to re-use older sessions, which may put extra computational burden on clients and itself. Use the following setting to enable session caching: server.TLSSettings.UseSessionResumption = true;

Besides, the report may show that there are some weak ciphersuites. All of those should be shown in orange (there should not be any reds; if there are - please let us know), which means they are only relatively weak. While switching them off may affect the interoperability level of the server, you may still want to do that. By using the below approach you can disable individual ciphersuites selectively. For example, if the report shows that TLS_DHE_RSA_WITH_AES128_CBC_SHA256 and TLS_DHE_RSA_WITH_AES256_CBC_SHA256 are weak (because of their CBC mode), you can disable them in the following way: server.TLSSettings.Ciphersuites = '-DHE_RSA_AES128_SHA256;-DHE_RSA_AES256_SHA256'; Note that SBB uses slightly different, simpler naming convention by dropping unnecessart WITH and CBC. Let us know if you have difficulties matching the cipher suite names.

Property List

---

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

Active Property (TLSServer Component)

Indicates whether the server is active and is listening to new connections.

Syntax

__property bool Active = { read=FActive };

Default Value

false

Remarks

This read-only property returns True if the server is listening to incoming connections.

This property is read-only and not available at design time.

Data Type

Boolean

BoundPort Property (TLSServer Component)

Indicates the bound listening port.

Syntax

__property int BoundPort = { read=FBoundPort };

Default Value

0

Remarks

Check this property to find out the port that has been allocated to the server by the system. The bound port always equals Port if it is provided, or is allocated dynamically if configured to fall in the range between PortRangeFrom and PortRangeTo constraints.

This property is read-only and not available at design time.

Data Type

Integer

ExternalCryptoAsyncDocumentID Property (TLSServer Component)

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Syntax

__property String ExternalCryptoAsyncDocumentID = { read=FExternalCryptoAsyncDocumentID, write=FSetExternalCryptoAsyncDocumentID };

Default Value

""

Remarks

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.

If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.

Data Type

String

ExternalCryptoCustomParams Property (TLSServer Component)

Custom parameters to be passed to the signing service (uninterpreted).

Syntax

__property String ExternalCryptoCustomParams = { read=FExternalCryptoCustomParams, write=FSetExternalCryptoCustomParams };

Default Value

""

Remarks

Custom parameters to be passed to the signing service (uninterpreted).

This property is not available at design time.

Data Type

String

ExternalCryptoData Property (TLSServer Component)

Additional data to be included in the async state and mirrored back by the requestor.

Syntax

__property String ExternalCryptoData = { read=FExternalCryptoData, write=FSetExternalCryptoData };

Default Value

""

Remarks

Additional data to be included in the async state and mirrored back by the requestor.

This property is not available at design time.

Data Type

String

ExternalCryptoExternalHashCalculation Property (TLSServer Component)

Specifies whether the message hash is to be calculated at the external endpoint.

Syntax

__property bool ExternalCryptoExternalHashCalculation = { read=FExternalCryptoExternalHashCalculation, write=FSetExternalCryptoExternalHashCalculation };

Default Value

false

Remarks

Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth component.

If set to true, the component will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.

Data Type

Boolean

ExternalCryptoHashAlgorithm Property (TLSServer Component)

Specifies the request's signature hash algorithm.

Syntax

__property String ExternalCryptoHashAlgorithm = { read=FExternalCryptoHashAlgorithm, write=FSetExternalCryptoHashAlgorithm };

Default Value

"SHA256"

Remarks

Specifies the request's signature hash algorithm.

Data Type

String

ExternalCryptoKeyID Property (TLSServer Component)

The ID of the pre-shared key used for DC request authentication.

Syntax

__property String ExternalCryptoKeyID = { read=FExternalCryptoKeyID, write=FSetExternalCryptoKeyID };

Default Value

""

Remarks

The ID of the pre-shared key used for DC request authentication.

Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use ExternalCryptoKeySecret to pass the key itself.

The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.

Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.

Example: signer.ExternalCrypto.KeyID = "MainSigningKey"; signer.ExternalCrypto.KeySecret = "abcdef0123456789";

Data Type

String

ExternalCryptoKeySecret Property (TLSServer Component)

The pre-shared key used for DC request authentication.

Syntax

__property String ExternalCryptoKeySecret = { read=FExternalCryptoKeySecret, write=FSetExternalCryptoKeySecret };

Default Value

""

Remarks

The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.

Read more about configuring authentication in the ExternalCryptoKeyID topic.

Data Type

String

ExternalCryptoMethod Property (TLSServer Component)

Specifies the asynchronous signing method.

Syntax

__property TsbxTLSServerExternalCryptoMethods ExternalCryptoMethod = { read=FExternalCryptoMethod, write=FSetExternalCryptoMethod };

enum TsbxTLSServerExternalCryptoMethods {
  asmdPKCS1=0,
  asmdPKCS7=1
};

Default Value

asmdPKCS1

Remarks

Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.

Available options:

Data Type

Integer

ExternalCryptoMode Property (TLSServer Component)

Specifies the external cryptography mode.

Syntax

__property TsbxTLSServerExternalCryptoModes ExternalCryptoMode = { read=FExternalCryptoMode, write=FSetExternalCryptoMode };

enum TsbxTLSServerExternalCryptoModes {
  ecmDefault=0,
  ecmDisabled=1,
  ecmGeneric=2,
  ecmDCAuth=3,
  ecmDCAuthJSON=4
};

Default Value

ecmDefault

Remarks

Specifies the external cryptography mode.

Available options:

This property is not available at design time.

Data Type

Integer

ExternalCryptoPublicKeyAlgorithm Property (TLSServer Component)

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Syntax

__property String ExternalCryptoPublicKeyAlgorithm = { read=FExternalCryptoPublicKeyAlgorithm, write=FSetExternalCryptoPublicKeyAlgorithm };

Default Value

""

Remarks

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Data Type

String

FIPSMode Property (TLSServer Component)

Reserved.

Syntax

__property bool FIPSMode = { read=FFIPSMode, write=FSetFIPSMode };

Default Value

false

Remarks

This property is reserved for future use.

Data Type

Boolean

HandshakeTimeout Property (TLSServer Component)

Specifies the handshake timeout in milliseconds.

Syntax

__property int HandshakeTimeout = { read=FHandshakeTimeout, write=FSetHandshakeTimeout };

Default Value

20000

Remarks

Use this property to set the TLS handshake timeout.

Data Type

Integer

Host Property (TLSServer Component)

The host to bind the listening port to.

Syntax

__property String Host = { read=FHost, write=FSetHost };

Default Value

""

Remarks

Use this property to specify the IP address on which to listen to incoming connections.

Data Type

String

PinnedClientAEADCipher Property (TLSServer Component)

Indicates whether the encryption algorithm used is an AEAD cipher.

Syntax

__property bool PinnedClientAEADCipher = { read=FPinnedClientAEADCipher };

Default Value

false

Remarks

Indicates whether the encryption algorithm used is an AEAD cipher.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientChainValidationDetails Property (TLSServer Component)

The details of a certificate chain validation outcome.

Syntax

__property int PinnedClientChainValidationDetails = { read=FPinnedClientChainValidationDetails };

Default Value

0

Remarks

The details of a certificate chain validation outcome. They may often suggest the reasons that contributed to the overall validation result.

Returns a bit mask of the following options:

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientChainValidationResult Property (TLSServer Component)

The outcome of a certificate chain validation routine.

Syntax

__property TsbxTLSServerPinnedClientChainValidationResults PinnedClientChainValidationResult = { read=FPinnedClientChainValidationResult };

enum TsbxTLSServerPinnedClientChainValidationResults {
  cvtValid=0,
  cvtValidButUntrusted=1,
  cvtInvalid=2,
  cvtCantBeEstablished=3
};

Default Value

cvtValid

Remarks

The outcome of a certificate chain validation routine.

Available options:

Use the ValidationLog property to access the detailed validation log.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCiphersuite Property (TLSServer Component)

The cipher suite employed by this connection.

Syntax

__property String PinnedClientCiphersuite = { read=FPinnedClientCiphersuite };

Default Value

""

Remarks

The cipher suite employed by this connection.

For TLS connections, this property returns the ciphersuite that was/is employed by the connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientClientAuthenticated Property (TLSServer Component)

Specifies whether client authentication was performed during this connection.

Syntax

__property bool PinnedClientClientAuthenticated = { read=FPinnedClientClientAuthenticated };

Default Value

false

Remarks

Specifies whether client authentication was performed during this connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientClientAuthRequested Property (TLSServer Component)

Specifies whether client authentication was requested during this connection.

Syntax

__property bool PinnedClientClientAuthRequested = { read=FPinnedClientClientAuthRequested };

Default Value

false

Remarks

Specifies whether client authentication was requested during this connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientConnectionEstablished Property (TLSServer Component)

Indicates whether the connection has been established fully.

Syntax

__property bool PinnedClientConnectionEstablished = { read=FPinnedClientConnectionEstablished };

Default Value

false

Remarks

Indicates whether the connection has been established fully.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientConnectionID Property (TLSServer Component)

The unique identifier assigned to this connection.

Syntax

__property DynamicArray PinnedClientConnectionID = { read=FPinnedClientConnectionID };

Remarks

The unique identifier assigned to this connection.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientDigestAlgorithm Property (TLSServer Component)

The digest algorithm used in a TLS-enabled connection.

Syntax

__property String PinnedClientDigestAlgorithm = { read=FPinnedClientDigestAlgorithm };

Default Value

""

Remarks

The digest algorithm used in a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientEncryptionAlgorithm Property (TLSServer Component)

The symmetric encryption algorithm used in a TLS-enabled connection.

Syntax

__property String PinnedClientEncryptionAlgorithm = { read=FPinnedClientEncryptionAlgorithm };

Default Value

""

Remarks

The symmetric encryption algorithm used in a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientExportable Property (TLSServer Component)

Indicates whether a TLS connection uses a reduced-strength exportable cipher.

Syntax

__property bool PinnedClientExportable = { read=FPinnedClientExportable };

Default Value

false

Remarks

Indicates whether a TLS connection uses a reduced-strength exportable cipher.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientID Property (TLSServer Component)

The client connection's unique identifier.

Syntax

__property __int64 PinnedClientID = { read=FPinnedClientID };

Default Value

-1

Remarks

The client connection's unique identifier. This value is used throughout to refer to a particular client connection.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientKeyExchangeAlgorithm Property (TLSServer Component)

The key exchange algorithm used in a TLS-enabled connection.

Syntax

__property String PinnedClientKeyExchangeAlgorithm = { read=FPinnedClientKeyExchangeAlgorithm };

Default Value

""

Remarks

The key exchange algorithm used in a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientKeyExchangeKeyBits Property (TLSServer Component)

The length of the key exchange key of a TLS-enabled connection.

Syntax

__property int PinnedClientKeyExchangeKeyBits = { read=FPinnedClientKeyExchangeKeyBits };

Default Value

0

Remarks

The length of the key exchange key of a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientNamedECCurve Property (TLSServer Component)

The elliptic curve used in this connection.

Syntax

__property String PinnedClientNamedECCurve = { read=FPinnedClientNamedECCurve };

Default Value

""

Remarks

The elliptic curve used in this connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientPFSCipher Property (TLSServer Component)

Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS).

Syntax

__property bool PinnedClientPFSCipher = { read=FPinnedClientPFSCipher };

Default Value

false

Remarks

Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS).

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientPreSharedIdentity Property (TLSServer Component)

Specifies the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

Syntax

__property String PinnedClientPreSharedIdentity = { read=FPinnedClientPreSharedIdentity };

Default Value

""

Remarks

Specifies the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

This property is read-only and not available at design time.

Data Type

String

PinnedClientPreSharedIdentityHint Property (TLSServer Component)

A hint professed by the server to help the client select the PSK identity to use.

Syntax

__property String PinnedClientPreSharedIdentityHint = { read=FPinnedClientPreSharedIdentityHint };

Default Value

""

Remarks

A hint professed by the server to help the client select the PSK identity to use.

This property is read-only and not available at design time.

Data Type

String

PinnedClientPublicKeyBits Property (TLSServer Component)

The length of the public key.

Syntax

__property int PinnedClientPublicKeyBits = { read=FPinnedClientPublicKeyBits };

Default Value

0

Remarks

The length of the public key.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientRemoteAddress Property (TLSServer Component)

The client's IP address.

Syntax

__property String PinnedClientRemoteAddress = { read=FPinnedClientRemoteAddress };

Default Value

""

Remarks

The client's IP address.

This property is read-only and not available at design time.

Data Type

String

PinnedClientRemotePort Property (TLSServer Component)

The remote port of the client connection.

Syntax

__property int PinnedClientRemotePort = { read=FPinnedClientRemotePort };

Default Value

0

Remarks

The remote port of the client connection.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientResumedSession Property (TLSServer Component)

Indicates whether a TLS-enabled connection was spawned from another TLS connection.

Syntax

__property bool PinnedClientResumedSession = { read=FPinnedClientResumedSession };

Default Value

false

Remarks

Indicates whether a TLS-enabled connection was spawned from another TLS connection

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientSecureConnection Property (TLSServer Component)

Indicates whether TLS or SSL is enabled for this connection.

Syntax

__property bool PinnedClientSecureConnection = { read=FPinnedClientSecureConnection };

Default Value

false

Remarks

Indicates whether TLS or SSL is enabled for this connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientServerAuthenticated Property (TLSServer Component)

Indicates whether server authentication was performed during a TLS-enabled connection.

Syntax

__property bool PinnedClientServerAuthenticated = { read=FPinnedClientServerAuthenticated };

Default Value

false

Remarks

Indicates whether server authentication was performed during a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientSignatureAlgorithm Property (TLSServer Component)

The signature algorithm used in a TLS handshake.

Syntax

__property String PinnedClientSignatureAlgorithm = { read=FPinnedClientSignatureAlgorithm };

Default Value

""

Remarks

The signature algorithm used in a TLS handshake.

This property is read-only and not available at design time.

Data Type

String

PinnedClientSymmetricBlockSize Property (TLSServer Component)

The block size of the symmetric algorithm used.

Syntax

__property int PinnedClientSymmetricBlockSize = { read=FPinnedClientSymmetricBlockSize };

Default Value

0

Remarks

The block size of the symmetric algorithm used.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientSymmetricKeyBits Property (TLSServer Component)

The key length of the symmetric algorithm used.

Syntax

__property int PinnedClientSymmetricKeyBits = { read=FPinnedClientSymmetricKeyBits };

Default Value

0

Remarks

The key length of the symmetric algorithm used.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientTotalBytesReceived Property (TLSServer Component)

The total number of bytes received over this connection.

Syntax

__property __int64 PinnedClientTotalBytesReceived = { read=FPinnedClientTotalBytesReceived };

Default Value

0

Remarks

The total number of bytes received over this connection.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientTotalBytesSent Property (TLSServer Component)

The total number of bytes sent over this connection.

Syntax

__property __int64 PinnedClientTotalBytesSent = { read=FPinnedClientTotalBytesSent };

Default Value

0

Remarks

The total number of bytes sent over this connection.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientValidationLog Property (TLSServer Component)

Contains the server certificate's chain validation log.

Syntax

__property String PinnedClientValidationLog = { read=FPinnedClientValidationLog };

Default Value

""

Remarks

Contains the server certificate's chain validation log. This information may be very useful in investigating chain validation failures.

This property is read-only and not available at design time.

Data Type

String

PinnedClientVersion Property (TLSServer Component)

Indicates the version of SSL/TLS protocol negotiated during this connection.

Syntax

__property String PinnedClientVersion = { read=FPinnedClientVersion };

Default Value

""

Remarks

Indicates the version of SSL/TLS protocol negotiated during this connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertCount Property (TLSServer Component)

The number of records in the PinnedClientCert arrays.

Syntax

__property int PinnedClientCertCount = { read=FPinnedClientCertCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• PinnedClientCertBytes
• PinnedClientCertCAKeyID
• PinnedClientCertFingerprint
• PinnedClientCertHandle
• PinnedClientCertIssuer
• PinnedClientCertIssuerRDN
• PinnedClientCertKeyAlgorithm
• PinnedClientCertKeyBits
• PinnedClientCertKeyFingerprint
• PinnedClientCertKeyUsage
• PinnedClientCertPublicKeyBytes
• PinnedClientCertSelfSigned
• PinnedClientCertSerialNumber
• PinnedClientCertSigAlgorithm
• PinnedClientCertSubject
• PinnedClientCertSubjectKeyID
• PinnedClientCertSubjectRDN
• PinnedClientCertValidFrom
• PinnedClientCertValidTo

The array indices start at 0 and end at PinnedClientCertCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCertBytes Property (TLSServer Component)

Returns the raw certificate data in DER format.

Syntax

__property DynamicArray PinnedClientCertBytes[int PinnedClientCertIndex] = { read=FPinnedClientCertBytes };

Remarks

Returns the raw certificate data in DER format.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertCAKeyID Property (TLSServer Component)

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Syntax

__property DynamicArray PinnedClientCertCAKeyID[int PinnedClientCertIndex] = { read=FPinnedClientCertCAKeyID };

Remarks

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the PinnedClientCertSubjectKeyID setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertFingerprint Property (TLSServer Component)

Contains the fingerprint (a hash imprint) of this certificate.

Syntax

__property String PinnedClientCertFingerprint[int PinnedClientCertIndex] = { read=FPinnedClientCertFingerprint };

Default Value

""

Remarks

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertHandle Property (TLSServer Component)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

__property __int64 PinnedClientCertHandle[int PinnedClientCertIndex] = { read=FPinnedClientCertHandle };

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientCertIssuer Property (TLSServer Component)

The common name of the certificate issuer (CA), typically a company name.

Syntax

__property String PinnedClientCertIssuer[int PinnedClientCertIndex] = { read=FPinnedClientCertIssuer };

Default Value

""

Remarks

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via PinnedClientCertIssuerRDN.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertIssuerRDN Property (TLSServer Component)

A list of Property=Value pairs that uniquely identify the certificate issuer.

Syntax

__property String PinnedClientCertIssuerRDN[int PinnedClientCertIndex] = { read=FPinnedClientCertIssuerRDN };

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertKeyAlgorithm Property (TLSServer Component)

Specifies the public key algorithm of this certificate.

Syntax

__property String PinnedClientCertKeyAlgorithm[int PinnedClientCertIndex] = { read=FPinnedClientCertKeyAlgorithm };

Default Value

"0"

Remarks

Specifies the public key algorithm of this certificate.

Use the PinnedClientCertKeyBits, PinnedClientCertCurve, and PinnedClientCertPublicKeyBytes properties to get more details about the key the certificate contains.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertKeyBits Property (TLSServer Component)

Returns the length of the public key in bits.

Syntax

__property int PinnedClientCertKeyBits[int PinnedClientCertIndex] = { read=FPinnedClientCertKeyBits };

Default Value

0

Remarks

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the PinnedClientCertPublicKeyBytes or PinnedClientCertPrivateKeyBytes property would typically contain auxiliary values, and therefore be longer.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCertKeyFingerprint Property (TLSServer Component)

Returns a SHA1 fingerprint of the public key contained in the certificate.

Syntax

__property String PinnedClientCertKeyFingerprint[int PinnedClientCertIndex] = { read=FPinnedClientCertKeyFingerprint };

Default Value

""

Remarks

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the PinnedClientCertFingerprint property. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertKeyUsage Property (TLSServer Component)

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

Syntax

__property int PinnedClientCertKeyUsage[int PinnedClientCertIndex] = { read=FPinnedClientCertKeyUsage };

Default Value

0

Remarks

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this property before generating the certificate to propagate the key usage flags to the new certificate.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCertPublicKeyBytes Property (TLSServer Component)

Contains the certificate's public key in DER format.

Syntax

__property DynamicArray PinnedClientCertPublicKeyBytes[int PinnedClientCertIndex] = { read=FPinnedClientCertPublicKeyBytes };

Remarks

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertSelfSigned Property (TLSServer Component)

Indicates whether the certificate is self-signed (root) or signed by an external CA.

Syntax

__property bool PinnedClientCertSelfSigned[int PinnedClientCertIndex] = { read=FPinnedClientCertSelfSigned };

Default Value

false

Remarks

Indicates whether the certificate is self-signed (root) or signed by an external CA.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientCertSerialNumber Property (TLSServer Component)

Returns the certificate's serial number.

Syntax

__property DynamicArray PinnedClientCertSerialNumber[int PinnedClientCertIndex] = { read=FPinnedClientCertSerialNumber };

Remarks

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertSigAlgorithm Property (TLSServer Component)

Indicates the algorithm that was used by the CA to sign this certificate.

Syntax

__property String PinnedClientCertSigAlgorithm[int PinnedClientCertIndex] = { read=FPinnedClientCertSigAlgorithm };

Default Value

""

Remarks

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertSubject Property (TLSServer Component)

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.

Syntax

__property String PinnedClientCertSubject[int PinnedClientCertIndex] = { read=FPinnedClientCertSubject };

Default Value

""

Remarks

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via PinnedClientCertSubjectRDN.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertSubjectKeyID Property (TLSServer Component)

Contains a unique identifier of the certificate's cryptographic key.

Syntax

__property DynamicArray PinnedClientCertSubjectKeyID[int PinnedClientCertIndex] = { read=FPinnedClientCertSubjectKeyID };

Remarks

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The PinnedClientCertSubjectKeyID and PinnedClientCertCAKeyID properties of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertSubjectRDN Property (TLSServer Component)

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Syntax

__property String PinnedClientCertSubjectRDN[int PinnedClientCertIndex] = { read=FPinnedClientCertSubjectRDN };

Default Value

""

Remarks

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertValidFrom Property (TLSServer Component)

The time point at which the certificate becomes valid, in UTC.

Syntax

__property String PinnedClientCertValidFrom[int PinnedClientCertIndex] = { read=FPinnedClientCertValidFrom };

Default Value

""

Remarks

The time point at which the certificate becomes valid, in UTC.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertValidTo Property (TLSServer Component)

The time point at which the certificate expires, in UTC.

Syntax

__property String PinnedClientCertValidTo[int PinnedClientCertIndex] = { read=FPinnedClientCertValidTo };

Default Value

""

Remarks

The time point at which the certificate expires, in UTC.

The PinnedClientCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

Port Property (TLSServer Component)

Specifies the port number to listen for connections on.

Syntax

__property int Port = { read=FPort, write=FSetPort };

Default Value

80

Remarks

Use this property to specify the port number to listen to connections on. Standard port numbers are 80 for an HTTP server, and 443 for an HTTPS server.

Alternatively, you may specify the acceptable range of listening ports via PortRangeFrom and PortRangeTo properties. In this case the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Data Type

Integer

PortRangeFrom Property (TLSServer Component)

Specifies the lower limit of the listening port range for incoming connections.

Syntax

__property int PortRangeFrom = { read=FPortRangeFrom, write=FSetPortRangeFrom };

Default Value

0

Remarks

Use this property to specify the lower limit of the port range to listen to connections on. When a port range is used to specify the listening port (as opposed to a fixed value provided via Port), the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Note that this property is ignored if the Port property is set to a non-zero value, in which case the server always aims to listen on that fixed port.

Data Type

Integer

PortRangeTo Property (TLSServer Component)

Specifies the upper limit of the listening port range for incoming connections.

Syntax

__property int PortRangeTo = { read=FPortRangeTo, write=FSetPortRangeTo };

Default Value

0

Remarks

Use this property to specify the upper limit of the port range to listen to connections on. When a port range is used to specify the listening port (as opposed to a fixed value provided via Port), the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Note that this property is ignored if the Port property is set to a non-zero value, in which case the server always aims to listen on that fixed port.

Data Type

Integer

SessionTimeout Property (TLSServer Component)

Specifies the default session timeout value in milliseconds.

Syntax

__property int SessionTimeout = { read=FSessionTimeout, write=FSetSessionTimeout };

Default Value

360000

Remarks

Specifies the period of inactivity (in milliseconds) after which the connection will be terminated by the server.

Data Type

Integer

SocketIncomingSpeedLimit Property (TLSServer Component)

The maximum number of bytes to read from the socket, per second.

Syntax

__property int SocketIncomingSpeedLimit = { read=FSocketIncomingSpeedLimit, write=FSetSocketIncomingSpeedLimit };

Default Value

0

Remarks

The maximum number of bytes to read from the socket, per second.

Data Type

Integer

SocketLocalAddress Property (TLSServer Component)

The local network interface to bind the socket to.

Syntax

__property String SocketLocalAddress = { read=FSocketLocalAddress, write=FSetSocketLocalAddress };

Default Value

""

Remarks

The local network interface to bind the socket to.

Data Type

String

SocketLocalPort Property (TLSServer Component)

The local port number to bind the socket to.

Syntax

__property int SocketLocalPort = { read=FSocketLocalPort, write=FSetSocketLocalPort };

Default Value

0

Remarks

The local port number to bind the socket to.

Data Type

Integer

SocketOutgoingSpeedLimit Property (TLSServer Component)

The maximum number of bytes to write to the socket, per second.

Syntax

__property int SocketOutgoingSpeedLimit = { read=FSocketOutgoingSpeedLimit, write=FSetSocketOutgoingSpeedLimit };

Default Value

0

Remarks

The maximum number of bytes to write to the socket, per second.

Data Type

Integer

SocketTimeout Property (TLSServer Component)

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

Syntax

__property int SocketTimeout = { read=FSocketTimeout, write=FSetSocketTimeout };

Default Value

60000

Remarks

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

If Timeout is set to 0, a socket operation will expire after the system-default timeout (2 hrs 8 min for TCP stack).

Data Type

Integer

SocketUseIPv6 Property (TLSServer Component)

Enables or disables IP protocol version 6.

Syntax

__property bool SocketUseIPv6 = { read=FSocketUseIPv6, write=FSetSocketUseIPv6 };

Default Value

false

Remarks

Enables or disables IP protocol version 6.

Data Type

Boolean

TLSServerCertCount Property (TLSServer Component)

The number of records in the TLSServerCert arrays.

Syntax

__property int TLSServerCertCount = { read=FTLSServerCertCount, write=FSetTLSServerCertCount };

Default Value

0

Remarks

This property controls the size of the following arrays:

• TLSServerCertBytes
• TLSServerCertHandle

The array indices start at 0 and end at TLSServerCertCount - 1.

This property is not available at design time.

Data Type

Integer

TLSServerCertBytes Property (TLSServer Component)

Returns the raw certificate data in DER format.

Syntax

__property DynamicArray TLSServerCertBytes[int TLSServerCertIndex] = { read=FTLSServerCertBytes };

Remarks

Returns the raw certificate data in DER format.

The TLSServerCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSServerCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

TLSServerCertHandle Property (TLSServer Component)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Syntax

__property __int64 TLSServerCertHandle[int TLSServerCertIndex] = { read=FTLSServerCertHandle, write=FSetTLSServerCertHandle };

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The TLSServerCertIndex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSServerCertCount property.

This property is not available at design time.

Data Type

Long64

TLSAutoValidateCertificates Property (TLSServer Component)

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

Syntax

__property bool TLSAutoValidateCertificates = { read=FTLSAutoValidateCertificates, write=FSetTLSAutoValidateCertificates };

Default Value

true

Remarks

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

Data Type

Boolean

TLSBaseConfiguration Property (TLSServer Component)

Selects the base configuration for the TLS settings.

Syntax

__property TsbxTLSServerTLSBaseConfigurations TLSBaseConfiguration = { read=FTLSBaseConfiguration, write=FSetTLSBaseConfiguration };

enum TsbxTLSServerTLSBaseConfigurations {
  stpcDefault=0,
  stpcCompatible=1,
  stpcComprehensiveInsecure=2,
  stpcHighlySecure=3
};

Default Value

stpcDefault

Remarks

Selects the base configuration for the TLS settings. Several profiles are offered and tuned up for different purposes, such as high security or higher compatibility.

Data Type

Integer

TLSCiphersuites Property (TLSServer Component)

A list of ciphersuites separated with commas or semicolons.

Syntax

__property String TLSCiphersuites = { read=FTLSCiphersuites, write=FSetTLSCiphersuites };

Default Value

""

Remarks

A list of ciphersuites separated with commas or semicolons. Each ciphersuite in the list may be prefixed with a minus sign (-) to indicate that the ciphersuite should be disabled rather than enabled. Besides the specific ciphersuite modifiers, this property supports the all (and -all) aliases, allowing all ciphersuites to be blanketly enabled or disabled at once.

Note: the list of ciphersuites provided to this property alters the baseline list of ciphersuites as defined by TLSBaseConfiguration. Remember to start your ciphersuite string with -all; if you need to only enable a specific fixed set of ciphersuites. The list of supported ciphersuites is provided below:

• NULL_NULL_NULL
• RSA_NULL_MD5
• RSA_NULL_SHA
• RSA_RC4_MD5
• RSA_RC4_SHA
• RSA_RC2_MD5
• RSA_IDEA_MD5
• RSA_IDEA_SHA
• RSA_DES_MD5
• RSA_DES_SHA
• RSA_3DES_MD5
• RSA_3DES_SHA
• RSA_AES128_SHA
• RSA_AES256_SHA
• DH_DSS_DES_SHA
• DH_DSS_3DES_SHA
• DH_DSS_AES128_SHA
• DH_DSS_AES256_SHA
• DH_RSA_DES_SHA
• DH_RSA_3DES_SHA
• DH_RSA_AES128_SHA
• DH_RSA_AES256_SHA
• DHE_DSS_DES_SHA
• DHE_DSS_3DES_SHA
• DHE_DSS_AES128_SHA
• DHE_DSS_AES256_SHA
• DHE_RSA_DES_SHA
• DHE_RSA_3DES_SHA
• DHE_RSA_AES128_SHA
• DHE_RSA_AES256_SHA
• DH_ANON_RC4_MD5
• DH_ANON_DES_SHA
• DH_ANON_3DES_SHA
• DH_ANON_AES128_SHA
• DH_ANON_AES256_SHA
• RSA_RC2_MD5_EXPORT
• RSA_RC4_MD5_EXPORT
• RSA_DES_SHA_EXPORT
• DH_DSS_DES_SHA_EXPORT
• DH_RSA_DES_SHA_EXPORT
• DHE_DSS_DES_SHA_EXPORT
• DHE_RSA_DES_SHA_EXPORT
• DH_ANON_RC4_MD5_EXPORT
• DH_ANON_DES_SHA_EXPORT
• RSA_CAMELLIA128_SHA
• DH_DSS_CAMELLIA128_SHA
• DH_RSA_CAMELLIA128_SHA
• DHE_DSS_CAMELLIA128_SHA
• DHE_RSA_CAMELLIA128_SHA
• DH_ANON_CAMELLIA128_SHA
• RSA_CAMELLIA256_SHA
• DH_DSS_CAMELLIA256_SHA
• DH_RSA_CAMELLIA256_SHA
• DHE_DSS_CAMELLIA256_SHA
• DHE_RSA_CAMELLIA256_SHA
• DH_ANON_CAMELLIA256_SHA
• PSK_RC4_SHA
• PSK_3DES_SHA
• PSK_AES128_SHA
• PSK_AES256_SHA
• DHE_PSK_RC4_SHA
• DHE_PSK_3DES_SHA
• DHE_PSK_AES128_SHA
• DHE_PSK_AES256_SHA
• RSA_PSK_RC4_SHA
• RSA_PSK_3DES_SHA
• RSA_PSK_AES128_SHA
• RSA_PSK_AES256_SHA
• RSA_SEED_SHA
• DH_DSS_SEED_SHA
• DH_RSA_SEED_SHA
• DHE_DSS_SEED_SHA
• DHE_RSA_SEED_SHA
• DH_ANON_SEED_SHA
• SRP_SHA_3DES_SHA
• SRP_SHA_RSA_3DES_SHA
• SRP_SHA_DSS_3DES_SHA
• SRP_SHA_AES128_SHA
• SRP_SHA_RSA_AES128_SHA
• SRP_SHA_DSS_AES128_SHA
• SRP_SHA_AES256_SHA
• SRP_SHA_RSA_AES256_SHA
• SRP_SHA_DSS_AES256_SHA
• ECDH_ECDSA_NULL_SHA
• ECDH_ECDSA_RC4_SHA
• ECDH_ECDSA_3DES_SHA
• ECDH_ECDSA_AES128_SHA
• ECDH_ECDSA_AES256_SHA
• ECDHE_ECDSA_NULL_SHA
• ECDHE_ECDSA_RC4_SHA
• ECDHE_ECDSA_3DES_SHA
• ECDHE_ECDSA_AES128_SHA
• ECDHE_ECDSA_AES256_SHA
• ECDH_RSA_NULL_SHA
• ECDH_RSA_RC4_SHA
• ECDH_RSA_3DES_SHA
• ECDH_RSA_AES128_SHA
• ECDH_RSA_AES256_SHA
• ECDHE_RSA_NULL_SHA
• ECDHE_RSA_RC4_SHA
• ECDHE_RSA_3DES_SHA
• ECDHE_RSA_AES128_SHA
• ECDHE_RSA_AES256_SHA
• ECDH_ANON_NULL_SHA
• ECDH_ANON_RC4_SHA
• ECDH_ANON_3DES_SHA
• ECDH_ANON_AES128_SHA
• ECDH_ANON_AES256_SHA
• RSA_NULL_SHA256
• RSA_AES128_SHA256
• RSA_AES256_SHA256
• DH_DSS_AES128_SHA256
• DH_RSA_AES128_SHA256
• DHE_DSS_AES128_SHA256
• DHE_RSA_AES128_SHA256
• DH_DSS_AES256_SHA256
• DH_RSA_AES256_SHA256
• DHE_DSS_AES256_SHA256
• DHE_RSA_AES256_SHA256
• DH_ANON_AES128_SHA256
• DH_ANON_AES256_SHA256
• RSA_AES128_GCM_SHA256
• RSA_AES256_GCM_SHA384
• DHE_RSA_AES128_GCM_SHA256
• DHE_RSA_AES256_GCM_SHA384
• DH_RSA_AES128_GCM_SHA256
• DH_RSA_AES256_GCM_SHA384
• DHE_DSS_AES128_GCM_SHA256
• DHE_DSS_AES256_GCM_SHA384
• DH_DSS_AES128_GCM_SHA256
• DH_DSS_AES256_GCM_SHA384
• DH_ANON_AES128_GCM_SHA256
• DH_ANON_AES256_GCM_SHA384
• ECDHE_ECDSA_AES128_SHA256
• ECDHE_ECDSA_AES256_SHA384
• ECDH_ECDSA_AES128_SHA256
• ECDH_ECDSA_AES256_SHA384
• ECDHE_RSA_AES128_SHA256
• ECDHE_RSA_AES256_SHA384
• ECDH_RSA_AES128_SHA256
• ECDH_RSA_AES256_SHA384
• ECDHE_ECDSA_AES128_GCM_SHA256
• ECDHE_ECDSA_AES256_GCM_SHA384
• ECDH_ECDSA_AES128_GCM_SHA256
• ECDH_ECDSA_AES256_GCM_SHA384
• ECDHE_RSA_AES128_GCM_SHA256
• ECDHE_RSA_AES256_GCM_SHA384
• ECDH_RSA_AES128_GCM_SHA256
• ECDH_RSA_AES256_GCM_SHA384
• PSK_AES128_GCM_SHA256
• PSK_AES256_GCM_SHA384
• DHE_PSK_AES128_GCM_SHA256
• DHE_PSK_AES256_GCM_SHA384
• RSA_PSK_AES128_GCM_SHA256
• RSA_PSK_AES256_GCM_SHA384
• PSK_AES128_SHA256
• PSK_AES256_SHA384
• PSK_NULL_SHA256
• PSK_NULL_SHA384
• DHE_PSK_AES128_SHA256
• DHE_PSK_AES256_SHA384
• DHE_PSK_NULL_SHA256
• DHE_PSK_NULL_SHA384
• RSA_PSK_AES128_SHA256
• RSA_PSK_AES256_SHA384
• RSA_PSK_NULL_SHA256
• RSA_PSK_NULL_SHA384
• RSA_CAMELLIA128_SHA256
• DH_DSS_CAMELLIA128_SHA256
• DH_RSA_CAMELLIA128_SHA256
• DHE_DSS_CAMELLIA128_SHA256
• DHE_RSA_CAMELLIA128_SHA256
• DH_ANON_CAMELLIA128_SHA256
• RSA_CAMELLIA256_SHA256
• DH_DSS_CAMELLIA256_SHA256
• DH_RSA_CAMELLIA256_SHA256
• DHE_DSS_CAMELLIA256_SHA256
• DHE_RSA_CAMELLIA256_SHA256
• DH_ANON_CAMELLIA256_SHA256
• ECDHE_ECDSA_CAMELLIA128_SHA256
• ECDHE_ECDSA_CAMELLIA256_SHA384
• ECDH_ECDSA_CAMELLIA128_SHA256
• ECDH_ECDSA_CAMELLIA256_SHA384
• ECDHE_RSA_CAMELLIA128_SHA256
• ECDHE_RSA_CAMELLIA256_SHA384
• ECDH_RSA_CAMELLIA128_SHA256
• ECDH_RSA_CAMELLIA256_SHA384
• RSA_CAMELLIA128_GCM_SHA256
• RSA_CAMELLIA256_GCM_SHA384
• DHE_RSA_CAMELLIA128_GCM_SHA256
• DHE_RSA_CAMELLIA256_GCM_SHA384
• DH_RSA_CAMELLIA128_GCM_SHA256
• DH_RSA_CAMELLIA256_GCM_SHA384
• DHE_DSS_CAMELLIA128_GCM_SHA256
• DHE_DSS_CAMELLIA256_GCM_SHA384
• DH_DSS_CAMELLIA128_GCM_SHA256
• DH_DSS_CAMELLIA256_GCM_SHA384
• DH_anon_CAMELLIA128_GCM_SHA256
• DH_anon_CAMELLIA256_GCM_SHA384
• ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
• ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
• ECDH_ECDSA_CAMELLIA128_GCM_SHA256
• ECDH_ECDSA_CAMELLIA256_GCM_SHA384
• ECDHE_RSA_CAMELLIA128_GCM_SHA256
• ECDHE_RSA_CAMELLIA256_GCM_SHA384
• ECDH_RSA_CAMELLIA128_GCM_SHA256
• ECDH_RSA_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_GCM_SHA256
• PSK_CAMELLIA256_GCM_SHA384
• DHE_PSK_CAMELLIA128_GCM_SHA256
• DHE_PSK_CAMELLIA256_GCM_SHA384
• RSA_PSK_CAMELLIA128_GCM_SHA256
• RSA_PSK_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_SHA256
• PSK_CAMELLIA256_SHA384
• DHE_PSK_CAMELLIA128_SHA256
• DHE_PSK_CAMELLIA256_SHA384
• RSA_PSK_CAMELLIA128_SHA256
• RSA_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_CAMELLIA128_SHA256
• ECDHE_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_RC4_SHA
• ECDHE_PSK_3DES_SHA
• ECDHE_PSK_AES128_SHA
• ECDHE_PSK_AES256_SHA
• ECDHE_PSK_AES128_SHA256
• ECDHE_PSK_AES256_SHA384
• ECDHE_PSK_NULL_SHA
• ECDHE_PSK_NULL_SHA256
• ECDHE_PSK_NULL_SHA384
• ECDHE_RSA_CHACHA20_POLY1305_SHA256
• ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
• DHE_RSA_CHACHA20_POLY1305_SHA256
• PSK_CHACHA20_POLY1305_SHA256
• ECDHE_PSK_CHACHA20_POLY1305_SHA256
• DHE_PSK_CHACHA20_POLY1305_SHA256
• RSA_PSK_CHACHA20_POLY1305_SHA256
• AES128_GCM_SHA256
• AES256_GCM_SHA384
• CHACHA20_POLY1305_SHA256
• AES128_CCM_SHA256
• AES128_CCM8_SHA256

Data Type

String

TLSClientAuth Property (TLSServer Component)

Enables or disables certificate-based client authentication.

Syntax

__property TsbxTLSServerTLSClientAuths TLSClientAuth = { read=FTLSClientAuth, write=FSetTLSClientAuth };

enum TsbxTLSServerTLSClientAuths {
  ccatNoAuth=0,
  ccatRequestCert=1,
  ccatRequireCert=2
};

Default Value

ccatNoAuth

Remarks

Enables or disables certificate-based client authentication.

Set this property to true to tune up the client authentication type:

Data Type

Integer

TLSECCurves Property (TLSServer Component)

Defines the elliptic curves to enable.

Syntax

__property String TLSECCurves = { read=FTLSECCurves, write=FSetTLSECCurves };

Default Value

""

Remarks

Defines the elliptic curves to enable.

Data Type

String

TLSExtensions Property (TLSServer Component)

Provides access to TLS extensions.

Syntax

__property String TLSExtensions = { read=FTLSExtensions, write=FSetTLSExtensions };

Default Value

""

Remarks

Provides access to TLS extensions.

Data Type

String

TLSForceResumeIfDestinationChanges Property (TLSServer Component)

Whether to force TLS session resumption when the destination address changes.

Syntax

__property bool TLSForceResumeIfDestinationChanges = { read=FTLSForceResumeIfDestinationChanges, write=FSetTLSForceResumeIfDestinationChanges };

Default Value

false

Remarks

Whether to force TLS session resumption when the destination address changes.

Data Type

Boolean

TLSPreSharedIdentity Property (TLSServer Component)

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

Syntax

__property String TLSPreSharedIdentity = { read=FTLSPreSharedIdentity, write=FSetTLSPreSharedIdentity };

Default Value

""

Remarks

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

This property is not available at design time.

Data Type

String

TLSPreSharedKey Property (TLSServer Component)

Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

Syntax

__property String TLSPreSharedKey = { read=FTLSPreSharedKey, write=FSetTLSPreSharedKey };

Default Value

""

Remarks

Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

This property is not available at design time.

Data Type

String

TLSPreSharedKeyCiphersuite Property (TLSServer Component)

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

Syntax

__property String TLSPreSharedKeyCiphersuite = { read=FTLSPreSharedKeyCiphersuite, write=FSetTLSPreSharedKeyCiphersuite };

Default Value

""

Remarks

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

Data Type

String

TLSRenegotiationAttackPreventionMode Property (TLSServer Component)

Selects the renegotiation attack prevention mechanism.

Syntax

__property TsbxTLSServerTLSRenegotiationAttackPreventionModes TLSRenegotiationAttackPreventionMode = { read=FTLSRenegotiationAttackPreventionMode, write=FSetTLSRenegotiationAttackPreventionMode };

enum TsbxTLSServerTLSRenegotiationAttackPreventionModes {
  crapmCompatible=0,
  crapmStrict=1,
  crapmAuto=2
};

Default Value

crapmAuto

Remarks

Selects the renegotiation attack prevention mechanism.

The following options are available:

Data Type

Integer

TLSRevocationCheck Property (TLSServer Component)

Specifies the kind(s) of revocation check to perform.

Syntax

__property TsbxTLSServerTLSRevocationChecks TLSRevocationCheck = { read=FTLSRevocationCheck, write=FSetTLSRevocationCheck };

enum TsbxTLSServerTLSRevocationChecks {
  crcNone=0,
  crcAuto=1,
  crcAllCRL=2,
  crcAllOCSP=3,
  crcAllCRLAndOCSP=4,
  crcAnyCRL=5,
  crcAnyOCSP=6,
  crcAnyCRLOrOCSP=7,
  crcAnyOCSPOrCRL=8
};

Default Value

crcAuto

Remarks

Specifies the kind(s) of revocation check to perform.

Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.

This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.

Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.

This property is not available at design time.

Data Type

Integer

TLSSSLOptions Property (TLSServer Component)

Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.

Syntax

__property int TLSSSLOptions = { read=FTLSSSLOptions, write=FSetTLSSSLOptions };

Default Value

16

Remarks

Various SSL (TLS) protocol options, set of

Data Type

Integer

TLSTLSMode Property (TLSServer Component)

Specifies the TLS mode to use.

Syntax

__property TsbxTLSServerTLSTLSModes TLSTLSMode = { read=FTLSTLSMode, write=FSetTLSTLSMode };

enum TsbxTLSServerTLSTLSModes {
  smDefault=0,
  smNoTLS=1,
  smExplicitTLS=2,
  smImplicitTLS=3,
  smMixedTLS=4
};

Default Value

smDefault

Remarks

Specifies the TLS mode to use.

Data Type

Integer

TLSUseExtendedMasterSecret Property (TLSServer Component)

Enables the Extended Master Secret Extension, as defined in RFC 7627.

Syntax

__property bool TLSUseExtendedMasterSecret = { read=FTLSUseExtendedMasterSecret, write=FSetTLSUseExtendedMasterSecret };

Default Value

false

Remarks

Enables the Extended Master Secret Extension, as defined in RFC 7627.

Data Type

Boolean

TLSUseSessionResumption Property (TLSServer Component)

Enables or disables the TLS session resumption capability.

Syntax

__property bool TLSUseSessionResumption = { read=FTLSUseSessionResumption, write=FSetTLSUseSessionResumption };

Default Value

false

Remarks

Enables or disables the TLS session resumption capability.

Data Type

Boolean

TLSVersions Property (TLSServer Component)

The SSL/TLS versions to enable by default.

Syntax

__property int TLSVersions = { read=FTLSVersions, write=FSetTLSVersions };

Default Value

16

Remarks

The SSL/TLS versions to enable by default.

Data Type

Integer

WebsiteName Property (TLSServer Component)

Specifies the web site name to use in the certificate.

Syntax

__property String WebsiteName = { read=FWebsiteName, write=FSetWebsiteName };

Default Value

"secureblackbox"

Remarks

If using an internally-generated certificate, use this property to specify the web site name to be included as a common name. A typical common name consists of the host name, such as '192.168.10.10' or 'domain.com'.

Data Type

String

BroadcastData Method (TLSServer Component)

Broadcasts data to all connections.

Syntax

void __fastcall BroadcastData(__int64 ConnectionID, DynamicArray<Byte> Data);

Remarks

Call this method to send Data to all active client connections except for ConnectionID. Set ConnectionID to -1 to broadcast to all connections without exceptions.

BroadcastText Method (TLSServer Component)

Broadcasts a text string to all connections.

Syntax

void __fastcall BroadcastText(__int64 ConnectionId, String Text);

Remarks

Call this method to send Text to all active client connections except for ConnectionID. Set ConnectionID to -1 to broadcast to all connections without exceptions.

Cleanup Method (TLSServer Component)

Cleans up the server environment by purging expired sessions and cleaning caches.

Syntax

void __fastcall Cleanup();

Remarks

Call this method while the server is active to clean up the environment allocated for the server by releasing unused resources and cleaning caches.

Config Method (TLSServer Component)

Sets or retrieves a configuration setting.

Syntax

String __fastcall Config(String ConfigurationString);

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoAction Method (TLSServer Component)

Performs an additional action.

Syntax

String __fastcall DoAction(String ActionID, String ActionParams);

Remarks

DoAction is a generic method available in every component. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

DropClient Method (TLSServer Component)

Terminates a client connection.

Syntax

void __fastcall DropClient(__int64 ConnectionId, bool Forced);

Remarks

Call this method to shut down a connected client. Forced indicates whether the connection should be closed in a graceful manner.

ExportKeyMaterial Method (TLSServer Component)

Derives key material from the session's master key using the TLS exporters scheme.

Syntax

void __fastcall ExportKeyMaterial(__int64 ConnectionID, String Lbl, DynamicArray<Byte> Context, int Len);

Remarks

Some protocols - for example, SRTP - use the TLS exporters scheme to derive their own session keys from the TLS master key. This method lets you employ exporters to obtain such keys, or to generate secure keys for your own needs from an active TLS session.

The exported keys depend on the master key, and are different for every TLS session. However, a client and server sharing a session will always end up with the same key material, as long as they use the same values of Lbl, Context, and Len.

Use the ConnectionID parameter to specify the session that you would like to derive key material from.

ListClients Method (TLSServer Component)

Enumerates the connected clients.

Syntax

String __fastcall ListClients();

Remarks

This method enumerates the connected clients. It returns a list of strings, with each string being of 'ConnectionID|Address|Port' format, and representing a single connection.

PinClient Method (TLSServer Component)

Takes a snapshot of the connection's properties.

Syntax

void __fastcall PinClient(__int64 ConnectionId);

Remarks

Use this method to take a snapshot of a connected client. The captured properties are populated in PinnedClient and PinnedClientChain properties.

Reset Method (TLSServer Component)

Resets the component settings.

Syntax

void __fastcall Reset();

Remarks

Reset is a generic method available in every component.

SendData Method (TLSServer Component)

Sends a data buffer to a connection client.

Syntax

void __fastcall SendData(__int64 ConnectionID, DynamicArray<Byte> Buffer);

Remarks

Use this method to send a data buffer to a connected client. Use ConnectionID to specify the client.

SendKeepAlive Method (TLSServer Component)

Sends a keep-alive packet.

Syntax

void __fastcall SendKeepAlive(__int64 ConnectionId);

Remarks

Use this method to send a keep-alive packet to a client. Keep alive is an empty packet; keep-alive signals sent occasionally can be used to keep connection up.

SendText Method (TLSServer Component)

Sends a text string to a client.

Syntax

void __fastcall SendText(__int64 ConnectionId, String Text);

Remarks

Use this method to send a text string to a connected client.

Start Method (TLSServer Component)

Starts the TLS server.

Syntax

void __fastcall Start();

Remarks

Use this method to start listening for incoming connections.

Stop Method (TLSServer Component)

Stops the TLS server.

Syntax

void __fastcall Stop();

Remarks

Call this method to stop listening for incoming connections.

Accept Event (TLSServer Component)

Reports an incoming connection.

Syntax

typedef struct {
  String RemoteAddress;
  int RemotePort;
  bool Accept;
} TsbxTLSServerAcceptEventParams;
typedef void __fastcall (__closure *TsbxTLSServerAcceptEvent)(System::TObject* Sender, TsbxTLSServerAcceptEventParams *e);
__property TsbxTLSServerAcceptEvent OnAccept = { read=FOnAccept, write=FOnAccept };

Remarks

This event is fired when a new connection from RemoteAddress:RemotePort is ready to be accepted. Use the Accept parameter to accept or decline it.

Subscribe to Connect event to be notified of every connection that has been set up.

Connect Event (TLSServer Component)

Reports an accepted connection.

Syntax

typedef struct {
  __int64 ConnectionID;
  String RemoteAddress;
  int RemotePort;
} TsbxTLSServerConnectEventParams;
typedef void __fastcall (__closure *TsbxTLSServerConnectEvent)(System::TObject* Sender, TsbxTLSServerConnectEventParams *e);
__property TsbxTLSServerConnectEvent OnConnect = { read=FOnConnect, write=FOnConnect };

Remarks

The component fires this event to report that a new connection has been established. ConnectionId indicates the unique ID assigned to this connection. The same ID will be supplied to any other events related to this connection, such as TLSHandshake or Data.

Data Event (TLSServer Component)

Supplies a data chunk received from a client.

Syntax

typedef struct {
  __int64 ConnectionID;
  DynamicArray Buffer;
} TsbxTLSServerDataEventParams;
typedef void __fastcall (__closure *TsbxTLSServerDataEvent)(System::TObject* Sender, TsbxTLSServerDataEventParams *e);
__property TsbxTLSServerDataEvent OnData = { read=FOnData, write=FOnData };

Remarks

This event is fired to supply another piece of data received from a client. This event may fire multiple times.

Disconnect Event (TLSServer Component)

Fires to report a disconnected client.

Syntax

typedef struct {
  __int64 ConnectionID;
} TsbxTLSServerDisconnectEventParams;
typedef void __fastcall (__closure *TsbxTLSServerDisconnectEvent)(System::TObject* Sender, TsbxTLSServerDisconnectEventParams *e);
__property TsbxTLSServerDisconnectEvent OnDisconnect = { read=FOnDisconnect, write=FOnDisconnect };

Remarks

The component fires this event when a connected client disconnects.

Error Event (TLSServer Component)

Information about errors during data delivery.

Syntax

typedef struct {
  __int64 ConnectionID;
  int ErrorCode;
  bool Fatal;
  bool Remote;
  String Description;
} TsbxTLSServerErrorEventParams;
typedef void __fastcall (__closure *TsbxTLSServerErrorEvent)(System::TObject* Sender, TsbxTLSServerErrorEventParams *e);
__property TsbxTLSServerErrorEvent OnError = { read=FOnError, write=FOnError };

Remarks

The event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the HTTPS section.

ExternalSign Event (TLSServer Component)

Handles remote or external signing initiated by the server protocol.

Syntax

typedef struct {
  __int64 ConnectionID;
  String OperationId;
  String HashAlgorithm;
  String Pars;
  String Data;
  String SignedData;
} TsbxTLSServerExternalSignEventParams;
typedef void __fastcall (__closure *TsbxTLSServerExternalSignEvent)(System::TObject* Sender, TsbxTLSServerExternalSignEventParams *e);
__property TsbxTLSServerExternalSignEvent OnExternalSign = { read=FOnExternalSign, write=FOnExternalSign };

Remarks

Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.

The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the component via the SignedData parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact component being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.

The component uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.

A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following: signer.OnExternalSign += (s, e) => { var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable); var key = (RSACryptoServiceProvider)cert.PrivateKey; var dataToSign = e.Data.FromBase16String(); var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1"); e.SignedData = signedData.ToBase16String(); };

Notification Event (TLSServer Component)

This event notifies the application about an underlying control flow event.

Syntax

typedef struct {
  String EventID;
  String EventParam;
} TsbxTLSServerNotificationEventParams;
typedef void __fastcall (__closure *TsbxTLSServerNotificationEvent)(System::TObject* Sender, TsbxTLSServerNotificationEventParams *e);
__property TsbxTLSServerNotificationEvent OnNotification = { read=FOnNotification, write=FOnNotification };

Remarks

The component fires this event to let the application know about some event, occurrence, or milestone in the component. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the component, the exact action it is performing, or the document being processed, one or both may be omitted.

This component can fire this event with the following EventID values:

TLSCertValidate Event (TLSServer Component)

Fires when a client certificate needs to be validated.

Syntax

typedef struct {
  __int64 ConnectionID;
  bool Accept;
} TsbxTLSServerTLSCertValidateEventParams;
typedef void __fastcall (__closure *TsbxTLSServerTLSCertValidateEvent)(System::TObject* Sender, TsbxTLSServerTLSCertValidateEventParams *e);
__property TsbxTLSServerTLSCertValidateEvent OnTLSCertValidate = { read=FOnTLSCertValidate, write=FOnTLSCertValidate };

Remarks

The component fires this event to notify the application of an authenticating client. Use the event handler to validate the certificate and pass your decision back to the server component via the Accept parameter.

TLSEstablished Event (TLSServer Component)

Reports the setup of a TLS session.

Syntax

typedef struct {
  __int64 ConnectionID;
} TsbxTLSServerTLSEstablishedEventParams;
typedef void __fastcall (__closure *TsbxTLSServerTLSEstablishedEvent)(System::TObject* Sender, TsbxTLSServerTLSEstablishedEventParams *e);
__property TsbxTLSServerTLSEstablishedEvent OnTLSEstablished = { read=FOnTLSEstablished, write=FOnTLSEstablished };

Remarks

Subscribe to this event to be notified about the setup of a TLS connection by a connected client.

TLSHandshake Event (TLSServer Component)

Fires when a newly established client connection initiates a TLS handshake.

Syntax

typedef struct {
  __int64 ConnectionID;
  String ServerName;
  bool Abort;
} TsbxTLSServerTLSHandshakeEventParams;
typedef void __fastcall (__closure *TsbxTLSServerTLSHandshakeEvent)(System::TObject* Sender, TsbxTLSServerTLSHandshakeEventParams *e);
__property TsbxTLSServerTLSHandshakeEvent OnTLSHandshake = { read=FOnTLSHandshake, write=FOnTLSHandshake };

Remarks

Use this event to get notified about the initiation of the TLS handshake by the remote client. The ServerName parameter specifies the requested host from the client hello message.

TLSPSK Event (TLSServer Component)

Requests a pre-shared key for TLS-PSK.

Syntax

typedef struct {
  __int64 ConnectionID;
  String Identity;
  String PSK;
  String Ciphersuite;
} TsbxTLSServerTLSPSKEventParams;
typedef void __fastcall (__closure *TsbxTLSServerTLSPSKEvent)(System::TObject* Sender, TsbxTLSServerTLSPSKEventParams *e);
__property TsbxTLSServerTLSPSKEvent OnTLSPSK = { read=FOnTLSPSK, write=FOnTLSPSK };

Remarks

The component fires this event to report that a client has requested a TLS-PSK negotiation. ConnectionId indicates the unique connection ID that requested the PSK handshake.

Use Identity to look up for the corresponding pre-shared key in the server's database, then assign the key to the PSK parameter. If TLS 1.3 PSK is used, you will also need to assign the Ciphersuite parameter with the cipher suite associated with that identity and their key.

TLSShutdown Event (TLSServer Component)

Reports closure of a TLS session.

Syntax

typedef struct {
  __int64 ConnectionID;
} TsbxTLSServerTLSShutdownEventParams;
typedef void __fastcall (__closure *TsbxTLSServerTLSShutdownEvent)(System::TObject* Sender, TsbxTLSServerTLSShutdownEventParams *e);
__property TsbxTLSServerTLSShutdownEvent OnTLSShutdown = { read=FOnTLSShutdown, write=FOnTLSShutdown };

Remarks

The component fires this event when a connected client closes their TLS session gracefully. This event is typically followed by a Disconnect, which marks the closure of the underlying TCP session.

Config Settings (TLSServer Component)

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

TLSServer Config Settings

Base Config Settings

Trappable Errors (TLSServer Component)

TLSServer Errors