remove ssl connection 2017.2

47748 Framework » All Support for SSLv2 and SSLv3, including the constants, has been removed from SSLSocket.

I remove this had from my web application.
Does anybody know the way to use again secure email socket or just email socket?


SSL is still there. It’s just newer versions of the protocol that are supported. I don’t know why they took the older versions out but they did.

OK, but it cause a crash in web application and the web page are not uploaded well.

I don’t find anything to use as it was.

SSLv2/SSLv3 are no longer considered secure and are removed by default from new system frameworks. You should move to TLSv1 or higher:

If you need any further specific help with your project from Xojo, you can write support.


Because people find this thread when searching for how to update their code, please follow this tidbit:

Use the SSLSocket constant values for ConnectionType, and not the integer values.
Using the constants may offer more protection from removals in the future. When Xojo removes the constants you will get an error when you build. If you are using the integer values you will likely not get build errors from the removals, and this seems to be resulting in a runtime crash for many.

At this time, the constant values are:

SSLSocket.TLSv1 SSLSocket.TLSv11 SSLSocket.TLSv12 SSLSocket.SSLv23

[quote=345647:@Alain Lortie]OK, but it cause a crash in web application and the web page are not uploaded well.

I don’t find anything to use as it was.[/quote]

We had the same topic here:

my solution was:
Change the connection type from 2 to 3, then it worked again, and my web apps don’t crash again. :slight_smile:

I do in one of my program :

aSSLSocket.ConnectionType = 1

and it works??? It shouldn’t if I understand what I read in this topic.

I will modify my program and check that SSLSocket.ConnectionType is one of the constant. (event if I don’t understand why it works when set to 1 which is not a class constant. I don’t like when it doesn’t run and I don’t know why, I don’t like neither when it run and I don’t know why).

Edit : Sorry, SSLSocket.SSLv23 = 1 exists , Tim Parnel wrote it and it appears in Xojo when we enter SSLSocket.… but it doesn’t appear on

SSL23 is an odd duck as I noted on the case for this

SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
A TLS/SSL connection established with these methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern.

It looks like it was incorrectly documented previously and so was removed inadvertently