Positive: Delphi 10.1 Berlin is out; negative all Embarcadero HTTPS sites still vulnerable to DROWN attack


The good news: Delphi 10.1 Berlin is out and released in Berlin (note: you might want to rename Delphi 10 Seattle into Delphi 10.0 Seattle).
Some links:

Bug fix list.
What’s New – RAD Studio.
From the 10.1 What’s New (thanks David Heffernan):

To enforce visibility semantics, class and record helpers cannot access private members of the classes or records that they extend.

Lots of Berlin downloads:

30507 RAD Studio 10.1 Berlin Web Install.
30522 BDE Installer for RAD Studio, Delphi, C++Builder 10.1 Berlin.
30521 RAD Studio 10.1 Berlin FireMonkey Accessibility Pack.
30515 GSA accounts: RAD Studio 10.1 Berlin ISO.
30514 Delphi and C++Builder 10.1 Berlin ISO:


30491 FireMonkey Premium Styles Pack for RAD Studio 10.1 Berlin.
30492 VCL Premium Styles Pack for RAD Studio 10.1 Berlin.
30510 RAD Studio 10.1 Berlin ISO (incl. Delphi and C++Builder) (same ISOs as above).
30509 RAD Studio 10.1 Berlin (incl. Delphi, C++Builder)-30 day trial.
30499 IP*Works for C++Builder 10.1 Berlin.
30498 IP*Works for Delphi 10.1 Berlin.
30500 FastReport VCL 5 for RAD Studio, Delphi, C++Builder 10.1 Berlin.
30507 RAD Studio 10.1 Berlin Web Install.
30501 FastReport FMX for RAD Studio, Delphi and C++Builder 10.1 Berlin.

The not so good thing: I won’t be using it for a while as now for like 6 weeks or so, all the embarcadero HTTPS sites have been vulnerable to the DROWN man-in-the-middle attack that has been discovered 20160301.
Which means that even without going around the non-HTTPS partner site, I won’t be able to make a secure connection and install it.
Which gives me more time to play with the Xamarin Visual Studio 2015 integration and the cool stuff that MvvmCross offers.

F (DROWN attack)
the logon site for regular users

No HTTPS at all
the partner logon site for MVPs and TPs

F (DROWN attack)
the site where to post bug reports and enhancement requests, replacing qc which had no https as all

F (DROWN attack)
the replacement of the forums server which like the original is down a lot of the time) which for a long time defaulted to http login at http://community.embarcadero.com/login hopefully it doesn’t do that any more).

F (DROWN attack)
which has been revived after the old forums server was down more often than it was up

F (DROWN attack)
the developers network server containing articles and information

F (DROWN attack)
buying products

F (DROWN attack)
the main site

 No TLS on main server;
Google Servers have weak cyphers
the mail servers;via ssl-tools.net as SSL labs doesn’t support MX


SSL Labs DROWN Test Implementation Details – Qualys Blog
Filed under: Delphi, Delphi 10 Seattle, Delphi 10.1 Berlin (BigBen), Development, Software Development, Visual Studio 2015, Visual Studio and tools

Comments are closed.