authorPeter Hartmann <peter.hartmann@nokia.com>2011-03-14 13:58:53 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2011-03-14 16:47:50 (GMT)
commitf8f6e15ee3ec0b7aec8421cb5ddaab0ff871e733 (patch)
treef11cf291f699d7add0edafb6a8423cbd0faba5e1 /src/network
parentb2c8421ff95ad62cbd67843ad5cd3edf72ecda31 (diff)
SSL: Switch default version to TlsV1SslV3 (i.e. use TLS 1 or SSL 3)
... and introduce a new enum SecureProtocols. Switching the default version is better for compatibility (e.g. servers using this option will understand both TLS and SSL 3). Reviewed-by: Markus Goetz
Diffstat (limited to 'src/network')
-rw-r--r--src/network/ssl/qssl.cpp4
-rw-r--r--src/network/ssl/qssl.h1
-rw-r--r--src/network/ssl/qsslconfiguration.cpp4
-rw-r--r--src/network/ssl/qsslconfiguration_p.h2
-rw-r--r--src/network/ssl/qsslsocket.cpp2
5 files changed, 8 insertions, 5 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index 241eb12..e3dc84c 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -103,13 +103,15 @@ QT_BEGIN_NAMESPACE
\value SslV3 SSLv3
\value SslV2 SSLv2
- \value TlsV1 TLSv1 - the default protocol.
+ \value TlsV1 TLSv1
\value UnknownProtocol The cipher's protocol cannot be determined.
\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This
value is used by QSslSocket only.
\value TlsV1SslV3 On the client side, this will send
a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections.
On the server side, this will enable both SSLv3 and TLSv1 connections.
+ \value SecureProtocols The default option, using protocols known to be secure.
+ Currently set to TlsV1SslV3.
Note: most servers using SSL understand both versions (2 and 3),
but it is recommended to use the latest version only for security
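Review bot: The new `\value SecureProtocols` entry promises "protocols known to be secure" without saying that the set includes SSL 3 or that it is meant to change between releases. Callers will read the name as a guarantee, so the entry should state the contract, for example `\value SecureProtocols The default option. Currently TLS 1.0 or SSL 3; the set may change in later releases, so call setProtocol() with an explicit value to pin a version.` The documentation comment starts above the hunk and continues below it.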
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index e13ee78..7c47361 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -78,6 +78,7 @@ namespace QSsl {
TlsV1,
AnyProtocol,
TlsV1SslV3,
+ SecureProtocols = TlsV1SslV3,
UnknownProtocol = -1
};
}
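Review bot: Defining `SecureProtocols = TlsV1SslV3` makes the two enumerators indistinguishable at run time, and the numeric value is compiled into every application that passes `QSsl::SecureProtocols` to setProtocol(). If the secure set is tightened in a later release, binaries built against this header would keep requesting TLS 1 or SSL 3 until they are rebuilt. Giving it a distinct value, `SecureProtocols,` placed after `TlsV1SslV3,`, and resolving it where the backend selects the protocol would let a library update change the policy. That backend code is not in this diff, so this is a design suggestion rather than a drop-in fix. The enum begins above the hunk.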
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index b0d5c90..150f77e 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const
*/
QSsl::SslProtocol QSslConfiguration::protocol() const
{
- return d ? d->protocol : QSsl::TlsV1;
+ return d ? d->protocol : QSsl::SecureProtocols;
}
/*!
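Review bot: The new fallback `QSsl::SecureProtocols` widens the default for a null configuration from TLS 1 only to TLS 1 or SSL 3, so callers that never call setProtocol() start accepting the older protocol without any code change. The doc comment for `protocol()` begins above the hunk and should say so, for example `The default, QSsl::SecureProtocols, also permits SSL 3; call setProtocol(QSsl::TlsV1) if the peer must speak TLS.` The change also deserves a line in the release notes, because a peer or an on-path party can now steer a default-configured connection to SSL 3.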
@@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
\list
\o no local certificate and no private key
- \o protocol TlsV1
+ \o protocol SecureProtocols (meaning either TLS 1.0 or SSL 3 will be used)
\o the system's default CA certificate list
\o the cipher list equal to the list of the SSL libraries'
supported SSL ciphers
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index 47adace..1c6815b 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData
{
public:
QSslConfigurationPrivate()
- : protocol(QSsl::TlsV1),
+ : protocol(QSsl::TlsV1SslV3),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0)
{ }
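Review bot: The constructor initialises `protocol(QSsl::TlsV1SslV3)`, while `QSslConfiguration::protocol()` and the documentation touched in this commit name `QSsl::SecureProtocols` as the default. The two are equal today only because of the alias. If `SecureProtocols` is later pointed at a different set, this initialiser is easy to miss, and default-constructed and null configurations would then report different protocols. Writing `: protocol(QSsl::SecureProtocols),` keeps a single source of truth for the default. The class body continues outside the hunk.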
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 224ed67..98e2dc5 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const
}
/*!
- Returns the socket's SSL protocol. By default, \l QSsl::TLSv1 is used.
+ Returns the socket's SSL protocol. By default, \l QSsl::SecureProtocols is used.
\sa setProtocol()
*/