THRIFT-5876: Add Delphi WinHTTP client TLS1.3 support
Client: Delphi
Patch: fcprete & Jens Geyer
This closes #3166
diff --git a/lib/delphi/src/Thrift.Transport.pas b/lib/delphi/src/Thrift.Transport.pas
index 4ca3831..6f9a93d 100644
--- a/lib/delphi/src/Thrift.Transport.pas
+++ b/lib/delphi/src/Thrift.Transport.pas
@@ -201,8 +201,14 @@
end;
TSecureProtocol = (
- SSL_2, SSL_3, TLS_1, // outdated, for compatibilty only
- TLS_1_1, TLS_1_2 // secure (as of today)
+ // outdated, for compatibility only
+ SSL_2,
+ SSL_3,
+ TLS_1,
+ TLS_1_1,
+ // secure (as of today)
+ TLS_1_2,
+ TLS_1_3
);
TSecureProtocols = set of TSecureProtocol;
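Review bot: Nothing in this hunk shows how the new `TLS_1_3` member is translated into a WinHTTP protocol flag, so the routine that converts a `TSecureProtocols` set into the option mask (not visible in this section) should be checked for a matching branch. If that conversion has no fallback branch, a caller selecting only `TLS_1_3` could presumably end up with an empty mask and no error. The comment on the legacy group could also state the policy outright, e.g. `// deprecated (SSL 2/3, TLS 1.0/1.1): kept for compatibility only, never part of the default set`. The enclosing type section starts before this hunk.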
@@ -481,7 +487,13 @@
const
- DEFAULT_THRIFT_SECUREPROTOCOLS = [ TSecureProtocol.TLS_1_1, TSecureProtocol.TLS_1_2];
+ // From https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-
+ // > TLS 1.3 is supported starting in Windows 11 and Windows Server 2022.
+ // > Enabling TLS 1.3 on earlier versions of Windows is not a safe system configuration.
+ DEFAULT_THRIFT_SECUREPROTOCOLS = [
+ TSecureProtocol.TLS_1_2
+ //TSecureProtocol.TLS_1_3 -- not supported on Win10 (see comment)
+ ];
implementation
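Review bot: `DEFAULT_THRIFT_SECUREPROTOCOLS` now silently drops `TLS_1_1` and stays at TLS 1.2 only on every Windows version, including Windows 11 and Server 2022, where the quoted Microsoft text says TLS 1.3 is supported. Dropping 1.1 is the safer default, but it is a behaviour change for callers that relied on the old constant, and the commit message does not mention it. For TLS 1.3, replace the commented-out set element with a comment that states the contract, e.g. `// TLS_1_3 is opt-in: add it explicitly, and only on Windows 11 / Server 2022 or later`. Commented-out code inside the set literal is easy to re-enable without the OS version check that the quoted warning calls for.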