In a very simply program, I download update information and query a REST API using Synapse (40.1 from OPM). Works fine on Windows. Both https URLs, using ssl_openssl.
On Linux and MacOS, HttpGetBinary always failed. I then expanded the code to use the THTTPSend class, and was step by step logging details.
Further testing showed that the server only accepts TLS 1.1 and TLS 1.2. On Windows, this was properly negiotated. On Linux (Debian 9) and MacOS (Sierra & High Sierra), it wasn't.
The workaround is to force the mode (otherwise it would be LT_all, which would try SSL 2.3) through
FHTTPSender.Sock.SSL.SSLType := LT_TLSv1_2;
On Windows, I use OpenSSL version 1.0.2p (1.0.2.16).
Debian has 1.0.2l.
MacOS LibreSSL 2.2.7.
Since I couldn't see related OS-specific code in ssl_openssl.pas - was I lucky on Windows to always use the latest OpenSSL version? Or is there something else behind this?