authorPeter Hartmann <peter.hartmann@nokia.com>2011-02-25 11:15:42 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-02-28 12:39:49 (GMT)
commit3287348434ee1f15c7468c7d25b2fc97c8791371 (patch)
treeb609578b53075953adbb7f39be23afafba8707ab
parent2053ac707d0d74761ac926bafe3f3fced6daf490 (diff)
SSL: Switch default version to TLS 1.0
TLS is backward compatible, so servers only supporting SSL 3 should still work. All browsers send a TLS 1.0 Client Hello these days. However, some servers apparently have problems with a TLS handshake (and a SNI message); for now, wait and see how many of them are broken and either add a fallback to SSLv3 or blacklist them (i.e. set the used SSL version for those servers explicitly). Reviewed-by: Markus Goetz
-rw-r--r--src/network/ssl/qssl.cpp4
-rw-r--r--src/network/ssl/qsslconfiguration.cpp4
-rw-r--r--src/network/ssl/qsslconfiguration_p.h2
-rw-r--r--src/network/ssl/qsslsocket.cpp4
-rw-r--r--tests/auto/qsslsocket/tst_qsslsocket.cpp4
5 files changed, 9 insertions, 9 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index e9e7d21..8a450b9 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -101,9 +101,9 @@ QT_BEGIN_NAMESPACE
Describes the protocol of the cipher.
- \value SslV3 SSLv3 - the default protocol.
+ \value SslV3 SSLv3
\value SslV2 SSLv2
- \value TlsV1 TLSv1
+ \value TlsV1 TLSv1 - the default protocol.
\value UnknownProtocol The cipher's protocol cannot be determined.
\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This
value is used by QSslSocket only.
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 3592226..b0d5c90 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const
*/
QSsl::SslProtocol QSslConfiguration::protocol() const
{
- return d ? d->protocol : QSsl::SslV3;
+ return d ? d->protocol : QSsl::TlsV1;
}
/*!
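Review bot: The new default `QSsl::TlsV1` is written out twice, here in the null-`d` fallback of `protocol()` and again in the `QSslConfigurationPrivate` constructor in qsslconfiguration_p.h, so the two can drift apart the next time the default moves. A comment on the fallback such as `// must match the QSslConfigurationPrivate() default` would at least flag the coupling. It would also help to document whether `TlsV1` pins the handshake to TLS 1.0 or lets the backend negotiate down to SSLv3, since the commit message relies on SSLv3-only servers still working; the backend code that decides this is not part of this diff, so that behaviour cannot be confirmed from here.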
@@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
\list
\o no local certificate and no private key
- \o protocol SSLv3
+ \o protocol TlsV1
\o the system's default CA certificate list
\o the cipher list equal to the list of the SSL libraries'
supported SSL ciphers
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index b039e69..47adace 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData
{
public:
QSslConfigurationPrivate()
- : protocol(QSsl::SslV3),
+ : protocol(QSsl::TlsV1),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0)
{ }
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index b9d8e16..224ed67 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -56,7 +56,7 @@
QSslSocket establishes a secure, encrypted TCP connection you can
use for transmitting encrypted data. It can operate in both client
and server mode, and it supports modern SSL protocols, including
- SSLv3 and TLSv1. By default, QSslSocket uses SSLv3, but you can
+ SSLv3 and TLSv1. By default, QSslSocket uses TLSv1, but you can
change the SSL protocol by calling setProtocol() as long as you do
it before the handshake has started.
@@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const
}
/*!
- Returns the socket's SSL protocol. By default, \l QSsl::SslV3 is used.
+ Returns the socket's SSL protocol. By default, \l QSsl::TLSv1 is used.
\sa setProtocol()
*/
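Review bot: The `\l` target in the updated comment reads `QSsl::TLSv1`, but the enum value is spelled `QSsl::TlsV1` everywhere else in this commit (the `\value` list in qssl.cpp and every code change), so the documentation link will probably not resolve. The line should read `Returns the socket's SSL protocol. By default, \l QSsl::TlsV1 is used.`. The function this comment documents lies outside the hunk.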
diff --git a/tests/auto/qsslsocket/tst_qsslsocket.cpp b/tests/auto/qsslsocket/tst_qsslsocket.cpp
index 739f902..4beddad 100644
--- a/tests/auto/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/qsslsocket/tst_qsslsocket.cpp
@@ -385,7 +385,7 @@ void tst_QSslSocket::constructing()
QVERIFY(!socket.waitForConnected(10));
QTest::ignoreMessage(QtWarningMsg, "QSslSocket::waitForDisconnected() is not allowed in UnconnectedState");
QVERIFY(!socket.waitForDisconnected(10));
- QCOMPARE(socket.protocol(), QSsl::SslV3);
+ QCOMPARE(socket.protocol(), QSsl::TlsV1);
QSslConfiguration savedDefault = QSslConfiguration::defaultConfiguration();
@@ -771,7 +771,7 @@ void tst_QSslSocket::protocol()
#endif
// qDebug() << "socket cert:" << socket->caCertificates().at(0).issuerInfo(QSslCertificate::CommonName);
- QCOMPARE(socket->protocol(), QSsl::SslV3);
+ QCOMPARE(socket->protocol(), QSsl::TlsV1);
{
// Fluke allows SSLv3.
socket->setProtocol(QSsl::SslV3);