diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-02-25 11:15:42 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-02-28 12:39:49 (GMT) |
commit | 3287348434ee1f15c7468c7d25b2fc97c8791371 (patch) | |
tree | b609578b53075953adbb7f39be23afafba8707ab /src/network/ssl | |
parent | 2053ac707d0d74761ac926bafe3f3fced6daf490 (diff) | |
download | Qt-3287348434ee1f15c7468c7d25b2fc97c8791371.zip Qt-3287348434ee1f15c7468c7d25b2fc97c8791371.tar.gz Qt-3287348434ee1f15c7468c7d25b2fc97c8791371.tar.bz2 |
SSL: Switch default version to TLS 1.0
TLS is backward compatible, so servers only supporting SSL 3 should
still work. All browsers send a TLS 1.0 Client Hello these days.
However, some servers apparently have problems with a TLS handshake
(and a SNI message); for now, wait and see how many of them are
broken and either add a fallback to SSLv3 or blacklist them (i.e.
set the used SSL version for those servers explicitly).
Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qssl.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration_p.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 4 |
4 files changed, 7 insertions, 7 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index e9e7d21..8a450b9 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -101,9 +101,9 @@ QT_BEGIN_NAMESPACE Describes the protocol of the cipher. - \value SslV3 SSLv3 - the default protocol. + \value SslV3 SSLv3 \value SslV2 SSLv2 - \value TlsV1 TLSv1 + \value TlsV1 TLSv1 - the default protocol. \value UnknownProtocol The cipher's protocol cannot be determined. \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This value is used by QSslSocket only. diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index 3592226..b0d5c90 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const */ QSsl::SslProtocol QSslConfiguration::protocol() const { - return d ? d->protocol : QSsl::SslV3; + return d ? d->protocol : QSsl::TlsV1; } /*! @@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific \list \o no local certificate and no private key - \o protocol SSLv3 + \o protocol TlsV1 \o the system's default CA certificate list \o the cipher list equal to the list of the SSL libraries' supported SSL ciphers diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index b039e69..47adace 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData { public: QSslConfigurationPrivate() - : protocol(QSsl::SslV3), + : protocol(QSsl::TlsV1), peerVerifyMode(QSslSocket::AutoVerifyPeer), peerVerifyDepth(0) { } diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index b9d8e16..224ed67 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -56,7 +56,7 @@ QSslSocket establishes a secure, encrypted TCP connection you can use for transmitting encrypted data. It can operate in both client and server mode, and it supports modern SSL protocols, including - SSLv3 and TLSv1. By default, QSslSocket uses SSLv3, but you can + SSLv3 and TLSv1. By default, QSslSocket uses TLSv1, but you can change the SSL protocol by calling setProtocol() as long as you do it before the handshake has started. @@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const } /*! - Returns the socket's SSL protocol. By default, \l QSsl::SslV3 is used. + Returns the socket's SSL protocol. By default, \l QSsl::TLSv1 is used. \sa setProtocol() */ |