summaryrefslogtreecommitdiffstats
path: root/src/network/ssl
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2011-02-25 11:15:42 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-02-28 12:39:49 (GMT)
commit3287348434ee1f15c7468c7d25b2fc97c8791371 (patch)
treeb609578b53075953adbb7f39be23afafba8707ab /src/network/ssl
parent2053ac707d0d74761ac926bafe3f3fced6daf490 (diff)
downloadQt-3287348434ee1f15c7468c7d25b2fc97c8791371.zip
Qt-3287348434ee1f15c7468c7d25b2fc97c8791371.tar.gz
Qt-3287348434ee1f15c7468c7d25b2fc97c8791371.tar.bz2
SSL: Switch default version to TLS 1.0
TLS is backward compatible, so servers only supporting SSL 3 should still work. All browsers send a TLS 1.0 Client Hello these days. However, some servers apparently have problems with a TLS handshake (and a SNI message); for now, wait and see how many of them are broken and either add a fallback to SSLv3 or blacklist them (i.e. set the used SSL version for those servers explicitly). Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network/ssl')
-rw-r--r--src/network/ssl/qssl.cpp4
-rw-r--r--src/network/ssl/qsslconfiguration.cpp4
-rw-r--r--src/network/ssl/qsslconfiguration_p.h2
-rw-r--r--src/network/ssl/qsslsocket.cpp4
4 files changed, 7 insertions, 7 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index e9e7d21..8a450b9 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -101,9 +101,9 @@ QT_BEGIN_NAMESPACE
Describes the protocol of the cipher.
- \value SslV3 SSLv3 - the default protocol.
+ \value SslV3 SSLv3
\value SslV2 SSLv2
- \value TlsV1 TLSv1
+ \value TlsV1 TLSv1 - the default protocol.
\value UnknownProtocol The cipher's protocol cannot be determined.
\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This
value is used by QSslSocket only.
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 3592226..b0d5c90 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const
*/
QSsl::SslProtocol QSslConfiguration::protocol() const
{
- return d ? d->protocol : QSsl::SslV3;
+ return d ? d->protocol : QSsl::TlsV1;
}
/*!
@@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
\list
\o no local certificate and no private key
- \o protocol SSLv3
+ \o protocol TlsV1
\o the system's default CA certificate list
\o the cipher list equal to the list of the SSL libraries'
supported SSL ciphers
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index b039e69..47adace 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData
{
public:
QSslConfigurationPrivate()
- : protocol(QSsl::SslV3),
+ : protocol(QSsl::TlsV1),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0)
{ }
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index b9d8e16..224ed67 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -56,7 +56,7 @@
QSslSocket establishes a secure, encrypted TCP connection you can
use for transmitting encrypted data. It can operate in both client
and server mode, and it supports modern SSL protocols, including
- SSLv3 and TLSv1. By default, QSslSocket uses SSLv3, but you can
+ SSLv3 and TLSv1. By default, QSslSocket uses TLSv1, but you can
change the SSL protocol by calling setProtocol() as long as you do
it before the handshake has started.
@@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const
}
/*!
- Returns the socket's SSL protocol. By default, \l QSsl::SslV3 is used.
+ Returns the socket's SSL protocol. By default, \l QSsl::TLSv1 is used.
\sa setProtocol()
*/