Update QSsl::SecureProtocols to not include Sslv3

After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.

[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3

Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>

1 files changed, 5 insertions, 5 deletions

diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index 63c826a3d7..740131797c 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -119,12 +119,12 @@ QT_BEGIN_NAMESPACE
     a TLS 1.0 Client Hello, enabling TLSv1_0 and SSLv3 connections.
     On the server side, this will enable both SSLv3 and TLSv1_0 connections.
     \value SecureProtocols The default option, using protocols known to be secure;
-    currently behaves like TlsV1SslV3.
+    currently behaves similar to TlsV1Ssl3 except denying SSLv3 connections that does
+    not upgrade to TLS.
 
-    \note most servers using SSL understand both versions (2 and 3),
-    but it is recommended to use the latest version only for security
-    reasons. However, SSL and TLS are not compatible with each other:
-    if you get unexpected handshake failures, verify that you chose
+    \note most servers understand both SSL and TLS, but it is recommended to use
+    TLS only for security reasons. However, SSL and TLS are not compatible with
+    each other: if you get unexpected handshake failures, verify that you chose
     the correct setting for your protocol.
 */