diff options
author | Allan Sandfeld Jensen <allan.jensen@digia.com> | 2014-10-21 15:44:43 +0200 |
---|---|---|
committer | Kai Koehne <kai.koehne@theqtcompany.com> | 2014-10-24 12:46:26 +0200 |
commit | 3fd2d9eff8c1f948306ee5fbfe364ccded1c4b84 (patch) | |
tree | 13d642dd142c5f8dc2b2439c98409b71fba3d8f6 /src/network/ssl/qsslcontext_openssl.cpp | |
parent | 88e7a4f661da166e81171a3188f6290c40a2f748 (diff) |
Update QSsl::SecureProtocols to not include Sslv3
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl/qsslcontext_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslcontext_openssl.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index 6daddebba3..c042d98056 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -139,8 +139,11 @@ init_context: case QSsl::SslV3: sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); break; - case QSsl::SecureProtocols: // SslV2 will be disabled below - case QSsl::TlsV1SslV3: // SslV2 will be disabled below + case QSsl::SecureProtocols: + // SSLv2 and SSLv3 will be disabled by SSL options + // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. + case QSsl::TlsV1SslV3: + // SSLv2 will will be disabled by SSL options case QSsl::AnyProtocol: default: sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |