diff options
| author | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-14 14:28:34 +0100 |
|---|---|---|
| committer | Peter Hartmann <peter.hartmann@nokia.com> | 2011-03-14 17:47:40 +0100 |
| commit | b2c8421ff95ad62cbd67843ad5cd3edf72ecda31 (patch) | |
| tree | e919c4f9c5b13ee32be1ada6cedcd52c2e3c3256 /src/network | |
| parent | d0e46f9221b614007cc4dea25e0f83d10f1c2f11 (diff) | |
SSL: introduce new option TlsV1SslV3 for SSL communication
currently there are 3 supported protocols: SSL2, SSL3 and TLS1. SSL2
is considered insecure and should not be used anymore. This commit
offers an option to use both TLS1 and SSL3, leaving SSL2 out.
Part-of-the-patch-by: Darren Lissimore
Reviewed-by: Markus Goetz
Task-number: QTBUG-12338
Diffstat (limited to 'src/network')
| -rw-r--r-- | src/network/ssl/qssl.cpp | 3 | ||||
| -rw-r--r-- | src/network/ssl/qssl.h | 1 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 7 |
3 files changed, 10 insertions, 1 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index 8a450b90fc..241eb121b9 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -107,6 +107,9 @@ QT_BEGIN_NAMESPACE \value UnknownProtocol The cipher's protocol cannot be determined. \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This value is used by QSslSocket only. + \value TlsV1SslV3 On the client side, this will send + a TLS 1.0 Client Hello, enabling TLSv1 and SSLv3 connections. + On the server side, this will enable both SSLv3 and TLSv1 connections. Note: most servers using SSL understand both versions (2 and 3), but it is recommended to use the latest version only for security diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index 4c035fd175..e13ee78974 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -77,6 +77,7 @@ namespace QSsl { SslV2, TlsV1, AnyProtocol, + TlsV1SslV3, UnknownProtocol = -1 }; } diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 646889cf61..8da3bb76dc 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -259,6 +259,7 @@ init_context: case QSsl::SslV3: ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); break; + case QSsl::TlsV1SslV3: // TlsV1SslV3 will be disabled below case QSsl::AnyProtocol: default: ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); @@ -284,7 +285,11 @@ init_context: } // Enable all bug workarounds. - q_SSL_CTX_set_options(ctx, SSL_OP_ALL); + if (configuration.protocol == QSsl::TlsV1SslV3) { + q_SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2); + } else { + q_SSL_CTX_set_options(ctx, SSL_OP_ALL); + } // Initialize ciphers QByteArray cipherString; |