summaryrefslogtreecommitdiffstats
path: root/src/network
diff options
context:
space:
mode:
Diffstat (limited to 'src/network')
-rw-r--r--src/network/ssl/qssl.cpp5
-rw-r--r--src/network/ssl/qsslconfiguration.cpp4
-rw-r--r--src/network/ssl/qsslconfiguration_p.h4
3 files changed, 9 insertions, 4 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index 49e086f..9578178 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -148,8 +148,9 @@ QT_BEGIN_NAMESPACE
By default, SslOptionDisableEmptyFragments is turned on since this causes
problems with a large number of servers. SslOptionDisableLegacyRenegotiation
- is also turned on, since it introduces a security risk. The other options
- are turned off.
+ is also turned on, since it introduces a security risk.
+ SslOptionDisableCompression is turned on to prevent the attack publicised by
+ CRIME. The other options are turned off.
Note: Availability of above options depends on the version of the SSL
backend in use.
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 24c7b77..3a05f54 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -201,7 +201,9 @@ bool QSslConfiguration::isNull() const
d->privateKey.isNull() &&
d->peerCertificate.isNull() &&
d->peerCertificateChain.count() == 0 &&
- d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation));
+ d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments
+ |QSsl::SslOptionDisableLegacyRenegotiation
+ |QSsl::SslOptionDisableCompression));
}
/*!
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index 74f17cd..c36b651 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -83,7 +83,9 @@ public:
: protocol(QSsl::SecureProtocols),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0),
- sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)
+ sslOptions(QSsl::SslOptionDisableEmptyFragments
+ |QSsl::SslOptionDisableLegacyRenegotiation
+ |QSsl::SslOptionDisableCompression)
{ }
QSslCertificate peerCertificate;
generated by cgit v0.12 at 2024-11-11 15:16:35 (GMT)