author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-14 13:58:53 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-14 16:47:50 (GMT) |
commit | f8f6e15ee3ec0b7aec8421cb5ddaab0ff871e733 (patch) | |
tree | f11cf291f699d7add0edafb6a8423cbd0faba5e1 /src/network | |
parent | b2c8421ff95ad62cbd67843ad5cd3edf72ecda31 (diff) | |
SSL: Switch default version to TlsV1SslV3 (i.e. use TLS 1 or SSL 3)
... and introduce a new enum SecureProtocols.
Switching the default version is better for compatibility (e.g.
servers using this option will understand both TLS and SSL 3).
Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qssl.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qssl.h | 1 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration_p.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 2 |
5 files changed, 8 insertions, 5 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index 241eb12..e3dc84c 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -103,13 +103,15 @@ QT_BEGIN_NAMESPACE \value SslV3 SSLv3 \value SslV2 SSLv2 - \value TlsV1 TLSv1 - the default protocol. + \value TlsV1 TLSv1 \value UnknownProtocol The cipher's protocol cannot be determined. \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This value is used by QSslSocket only. \value TlsV1SslV3 On the client side, this will send a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections. On the server side, this will enable both SSLv3 and TLSv1 connections. + \value SecureProtocols The default option, using protocols known to be secure. + Currently set to TlsV1SslV3. Note: most servers using SSL understand both versions (2 and 3), but it is recommended to use the latest version only for security diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index e13ee78..7c47361 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -78,6 +78,7 @@ namespace QSsl { TlsV1, AnyProtocol, TlsV1SslV3, + SecureProtocols = TlsV1SslV3, UnknownProtocol = -1 }; } diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index b0d5c90..150f77e 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const */ QSsl::SslProtocol QSslConfiguration::protocol() const { - return d ? d->protocol : QSsl::TlsV1; + return d ? d->protocol : QSsl::SecureProtocols; } /*! @@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific \list \o no local certificate and no private key - \o protocol TlsV1 + \o protocol SecureProtocols (meaning either TLS 1.0 or SSL 3 will be used) \o the system's default CA certificate list \o the cipher list equal to the list of the SSL libraries' supported SSL ciphers 
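Review bot: In src/network/ssl/qssl.cpp (hunk @@ -103,13 +103,15 @@), the new `\value SecureProtocols` entry describes the default as "protocols known to be secure" but does not tell a reader that this default now accepts SSLv3 as well as TLSv1, while the unchanged note just below it recommends using the latest version only for security reasons. I would add a sentence to the entry such as `Applications that must not negotiate SSLv3 should call setProtocol(QSsl::TlsV1) explicitly.` and state that the protocol set behind SecureProtocols may change between releases. The enclosing qdoc comment starts and ends outside the hunk.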
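Review bot: In src/network/ssl/qssl.h, `SecureProtocols = TlsV1SslV3` makes the new name a compile-time alias, so its value is baked into every application built against this header and it cannot be told apart at runtime from an explicit TlsV1SslV3 choice. A later library release therefore cannot tighten what "SecureProtocols" means for binaries that are already built. If the set is meant to evolve, as the "Currently set to" wording in qssl.cpp suggests, give it its own enumerator, `SecureProtocols,`, and map it to the concrete protocol set where the backend selects the protocol (that code is not part of this diff). At minimum, add a comment on the enumerator, for example `// alias for the default set; may change in a later release`. The enum starts outside the hunk.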
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h index 47adace..1c6815b 100644 --- a/src/network/ssl/qsslconfiguration_p.h +++ b/src/network/ssl/qsslconfiguration_p.h @@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData { public: QSslConfigurationPrivate() - : protocol(QSsl::TlsV1), + : protocol(QSsl::TlsV1SslV3), peerVerifyMode(QSslSocket::AutoVerifyPeer), peerVerifyDepth(0) { } diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 224ed67..98e2dc5 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const } /*! - Returns the socket's SSL protocol. By default, \l QSsl::TLSv1 is used. + Returns the socket's SSL protocol. By default, \l QSsl::SecureProtocols is used. \sa setProtocol() */ |
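Review bot: The constructor in src/network/ssl/qsslconfiguration_p.h initialises `protocol(QSsl::TlsV1SslV3)`, while QSslConfiguration::protocol() in this same commit falls back to `QSsl::SecureProtocols`; the two agree today only because of the alias added in qssl.h. Use the symbolic default here as well, `: protocol(QSsl::SecureProtocols),`, so the private default cannot drift from the documented one if SecureProtocols is ever redefined. The class body continues outside the hunk.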