author: Richard Moore <rich@kde.org> 2011-10-19 11:40:57 +0200
committer: Qt by Nokia <qt-info@nokia.com> 2011-10-20 18:20:12 +0200
commit: 78d02e93aca5325fc5be9bfd275862795207abaa
tree: 71be722032f646957beb3c683923d37f20314346 /src/network/ssl/qssl.cpp
parent: 5b6894de8771caffdcf27e79412e03a64e103d4a
Add the ability to enable various SSL bug workarounds.

There are lots of buggy SSL servers around and to connect to them you need to disable various features. This commit adds the ability to disable the SSL ticket extension, the ability to disable the insertion of empty fragments, and the ability to disable compression.

Task-number: QTBUG-21906
Change-Id: I3e1d0347a46e9030b889bbf15b2aad19b8513b73
Merge-request: 68
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>

Diffstat (limited to 'src/network/ssl/qssl.cpp')
-rw-r--r-- src/network/ssl/qssl.cpp | 30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index 17f8014e52..d342a779f6 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -120,4 +120,34 @@ QT_BEGIN_NAMESPACE
the correct setting for your protocol.
*/
+/*!
+ \enum QSsl::SslOption
+
+ Describes the options that can be used to control the details of
+ SSL behaviour. These options are generally used to turn features off
+ to work around buggy servers.
+
+ \value SslOptionDisableEmptyFragments Disables the insertion of empty
+ fragments into the data when using block ciphers. When enabled, this
+ prevents some attacks (such as the BEAST attack), however it is
+ incompatible with some servers.
+ \value SslOptionDisableTickets Disables the SSL session ticket
+ extension. This can cause slower connection setup, however some servers
+ are not compatible with the extension.
+ \value SslOptionDisableCompression Disables the SSL compression
+ extension. When enabled, this allows the data being passed over SSL to
+ be compressed, however some servers are not compatible with this
+ extension.
+ \value SslOptionDisableServerNameIndication Disables the SSL server
+ name indication extension. When enabled, this tells the server the virtual
+ host being accessed allowing it to respond with the correct certificate.
+
+ By default, SslOptionDisableEmptyFragments is turned on since this causes
+ problems with a large number of servers, but the other options are disabled.
+
+ Note: Availability of above options depends on the version of the SSL
+ backend in use.
+*/
+
+
QT_END_NAMESPACE
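
Review bot: In the \value entries for SslOptionDisableEmptyFragments and SslOptionDisableCompression, "When enabled, this ..." is ambiguous between the Disable option and the feature it turns off; read literally, setting SslOptionDisableEmptyFragments "prevents some attacks (such as the BEAST attack)", which is the opposite of what is meant. Suggest wording each entry around the feature, for example "Empty fragments prevent some attacks (such as the BEAST attack); setting this option removes that protection." The default paragraph should then say outright that, because SslOptionDisableEmptyFragments is turned on by default, that protection is off unless the caller clears the option, and "the other options are disabled" would read better as "the other options are not set", since the features they control stay on. SslOptionDisableServerNameIndication is documented here but not listed in the commit message, and unlike the other entries it gives no reason for setting it. The closing note about availability would be more useful if it said which options depend on which backend versions.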