SSL: Switch default version to TLS 1.0

TLS is backward compatible, so servers only supporting SSL 3 should
still work. All browsers send a TLS 1.0 Client Hello these days.
However, some servers apparently have problems with a TLS handshake
(and a SNI message); for now, wait and see how many of them are
broken and either add a fallback to SSLv3 or blacklist them (i.e.
set the used SSL version for those servers explicitly).

Reviewed-by: Markus Goetz

4 files changed, 7 insertions, 7 deletions

diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index e9e7d2156f..8a450b90fc 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -101,9 +101,9 @@ QT_BEGIN_NAMESPACE
 
     Describes the protocol of the cipher.
 
-    \value SslV3 SSLv3 - the default protocol.
+    \value SslV3 SSLv3
     \value SslV2 SSLv2
-    \value TlsV1 TLSv1
+    \value TlsV1 TLSv1 - the default protocol.
     \value UnknownProtocol The cipher's protocol cannot be determined.
     \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This
     value is used by QSslSocket only.
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 3592226ef8..b0d5c904c6 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -213,7 +213,7 @@ bool QSslConfiguration::isNull() const
 */
 QSsl::SslProtocol QSslConfiguration::protocol() const
 {
-    return d ? d->protocol : QSsl::SslV3;
+    return d ? d->protocol : QSsl::TlsV1;
 }
 
 /*!
@@ -518,7 +518,7 @@ void QSslConfiguration::setCaCertificates(const QList<QSslCertificate> &certific
 
     \list
       \o no local certificate and no private key
-      \o protocol SSLv3
+      \o protocol TlsV1
       \o the system's default CA certificate list
       \o the cipher list equal to the list of the SSL libraries'
          supported SSL ciphers
diff --git a/src/network/ssl/qsslconfiguration_p.h b/src/network/ssl/qsslconfiguration_p.h
index b039e694fe..47adace6a6 100644
--- a/src/network/ssl/qsslconfiguration_p.h
+++ b/src/network/ssl/qsslconfiguration_p.h
@@ -80,7 +80,7 @@ class QSslConfigurationPrivate: public QSharedData
 {
 public:
     QSslConfigurationPrivate()
-        : protocol(QSsl::SslV3),
+        : protocol(QSsl::TlsV1),
           peerVerifyMode(QSslSocket::AutoVerifyPeer),
           peerVerifyDepth(0)
     { }
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index b9d8e1642f..224ed676fb 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -56,7 +56,7 @@
     QSslSocket establishes a secure, encrypted TCP connection you can
     use for transmitting encrypted data. It can operate in both client
     and server mode, and it supports modern SSL protocols, including
-    SSLv3 and TLSv1. By default, QSslSocket uses SSLv3, but you can
+    SSLv3 and TLSv1. By default, QSslSocket uses TLSv1, but you can
     change the SSL protocol by calling setProtocol() as long as you do
     it before the handshake has started.
 
@@ -552,7 +552,7 @@ bool QSslSocket::isEncrypted() const
 }
 
 /*!
-    Returns the socket's SSL protocol. By default, \l QSsl::SslV3 is used.
+    Returns the socket's SSL protocol. By default, \l QSsl::TLSv1 is used.
 
     \sa setProtocol()
 */