QSslConfiguration::setCiphers - introduce the overload taking QString

We had such an overloaded version in QSslSocket, it was deprecated without
providing any alternative. Now this function has some use and may be
introduced in Qt6, as QSslConfiguration::setCiphers(const QString &).
Last but not the least - a useless and strange auto-test was removed
(it was creating a list of 5 QSslCiphers each with isNull() == true).
That's becasue '!MD5' or 'ALL' (for example) is not a cipher to be found
in supportedCiphers.

Change-Id: I47eb4c0faa9b52885e883751dd992cd9cb3d26fe
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

4 files changed, 58 insertions, 3 deletions

diff --git a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
index 5d90dde5ea..b857a57a63 100644
--- a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
+++ b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
@@ -53,3 +53,10 @@ QSslConfiguration config = sslSocket.sslConfiguration();
 config.setProtocol(QSsl::TlsV1_0);
 sslSocket.setSslConfiguration(config);
 //! [0]
+
+
+//! [1]
+QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration();
+tlsConfig.setCiphers(QStringLiteral("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA"));
+//! [1]
+
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index a38a998e7d..454b755f41 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -611,6 +611,33 @@ void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers)
 }
 
 /*!
+    \since 6.0
+
+    Sets the cryptographic cipher suite for this configuration to \a ciphers,
+    which is a colon-separated list of cipher suite names. The ciphers are listed
+    in order of preference, starting with the most preferred cipher. For example:
+
+    \snippet code/src_network_ssl_qsslconfiguration.cpp 1
+
+    Each cipher name in \a ciphers must be the name of a cipher in the
+    list returned by supportedCiphers().  Restricting the cipher suite
+    must be done before the handshake phase, where the session cipher
+    is chosen.
+
+    \sa ciphers()
+*/
+void QSslConfiguration::setCiphers(const QString &ciphers)
+{
+    d->ciphers.clear();
+    const auto cipherNames = ciphers.split(QLatin1Char(':'), Qt::SkipEmptyParts);
+    for (const QString &cipherName : cipherNames) {
+        QSslCipher cipher(cipherName);
+        if (!cipher.isNull())
+            d->ciphers << cipher;
+    }
+}
+
+/*!
     \since 5.5
 
     Returns the list of cryptographic ciphers supported by this
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 90a876b6c5..706ac5775f 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -125,6 +125,7 @@ public:
     // Cipher settings
     QList<QSslCipher> ciphers() const;
     void setCiphers(const QList<QSslCipher> &ciphers);
+    void setCiphers(const QString &ciphers);
     static QList<QSslCipher> supportedCiphers();
 
     // Certificate Authority (CA) settings
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 97a01efdd3..864d8db008 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -804,10 +804,30 @@ void tst_QSslSocket::ciphers()
     socket.setSslConfiguration(sslConfig);
     QCOMPARE(socket.sslConfiguration().ciphers(), QSslConfiguration::defaultConfiguration().ciphers());
 
-    // Task 164356
-    sslConfig.setCiphers({QSslCipher("ALL"), QSslCipher("!ADH"), QSslCipher("!LOW"),
-                          QSslCipher("!EXP"), QSslCipher("!MD5"), QSslCipher("@STRENGTH")});
+    sslConfig = QSslConfiguration::defaultConfiguration();
+    QList<QSslCipher> ciphers;
+    QString ciphersAsString;
+    const auto &supported = sslConfig.supportedCiphers();
+    for (const auto &cipher : supported) {
+        if (cipher.isNull() || !cipher.name().length())
+            continue;
+        if (ciphers.size() > 0)
+            ciphersAsString += QStringLiteral(":");
+        ciphersAsString += cipher.name();
+        ciphers.append(cipher);
+        if (ciphers.size() == 3) // 3 should be enough.
+            break;
+    }
+
+    if (!ciphers.size())
+        QSKIP("No proper ciphersuite was found to test 'setCiphers'");
+
+    sslConfig.setCiphers(ciphersAsString);
+    socket.setSslConfiguration(sslConfig);
+    QCOMPARE(ciphers, socket.sslConfiguration().ciphers());
+    sslConfig.setCiphers(ciphers);
     socket.setSslConfiguration(sslConfig);
+    QCOMPARE(ciphers, socket.sslConfiguration().ciphers());
 }
 
 void tst_QSslSocket::connectToHostEncrypted()