authorTimur Pocheptsov <timur.pocheptsov@qt.io>2019-11-13 10:37:36 +0100
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2019-11-28 14:25:36 +0100
commitcd200ad7aef1884a5c36528d5c3933c46c86510f (patch)
treec55083b1fddd18f069faddd31c8ab964aa691785 /src/network/ssl/qsslsocket_mac.cpp
parent43f341a13745473cf181cfe6a6ef4725aa2f88eb (diff)
QSsl - delete all mentions of SslV2 and SslV3
Also, change the notion of 'unsupported protocol' for QSslSocket: previously it was SslV2 and SslV3, now instead it's all versions of DTLS and UnknownProtocol: - it makes no sense at all to connect using a TCP socket and then suddenly start using DTLS_client/server_method - UnknownProtocol is not to be set in a configuration, unknown means that some ciphersuite's protocol version cannot be established. - 'disabledProtocols' auto-test becomes 'unsupportedProtocols' and tests that QSslSocket fails to start encryption if the protocol version is wrong. Handling these enumerators (SslV2 and SslV3) as errors is not needed anymore. Removed from QSslContext and our existing backends (qsslsocket_whatever). The TlsV1SslV3 enumerator does not make any sense at all (previously it was [SSL v3, TLS 1.0], then became "the same as TLS v. 1.0", but now this name is very confusing). Removed. Task-number: QTBUG-75638 Task-number: QTBUG-76501 Change-Id: I2781ba1c3051a7791b476266d4561d956948974a Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Diffstat (limited to 'src/network/ssl/qsslsocket_mac.cpp')
-rw-r--r--src/network/ssl/qsslsocket_mac.cpp54
1 files changed, 2 insertions, 52 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index e0e065679d..fe1c43d992 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -496,10 +496,6 @@ QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const
}
switch (protocol) {
- case kSSLProtocol2:
- return QSsl::SslV2;
- case kSSLProtocol3:
- return QSsl::SslV3;
case kTLSProtocol1:
return QSsl::TlsV1_0;
case kTLSProtocol11:
@@ -657,23 +653,6 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui
QSslCipher ciph;
switch (cipher) {
// Sorted as in CipherSuite.h (and groupped by their RFC)
- case SSL_RSA_WITH_NULL_MD5:
- ciph.d->name = QLatin1String("NULL-MD5");
- ciph.d->protocol = QSsl::SslV3;
- break;
- case SSL_RSA_WITH_NULL_SHA:
- ciph.d->name = QLatin1String("NULL-SHA");
- ciph.d->protocol = QSsl::SslV3;
- break;
- case SSL_RSA_WITH_RC4_128_MD5:
- ciph.d->name = QLatin1String("RC4-MD5");
- ciph.d->protocol = QSsl::SslV3;
- break;
- case SSL_RSA_WITH_RC4_128_SHA:
- ciph.d->name = QLatin1String("RC4-SHA");
- ciph.d->protocol = QSsl::SslV3;
- break;
-
// TLS addenda using AES, per RFC 3268
case TLS_RSA_WITH_AES_128_CBC_SHA:
ciph.d->name = QLatin1String("AES128-SHA");
@@ -822,12 +801,8 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSLCipherSuite(SSLCipherSui
ciph.d->isNull = false;
// protocol
- if (ciph.d->protocol == QSsl::SslV3) {
- ciph.d->protocolString = QLatin1String("SSLv3");
- } else {
- ciph.d->protocol = QSsl::TlsV1_2;
- ciph.d->protocolString = QLatin1String("TLSv1.2");
- }
+ ciph.d->protocol = QSsl::TlsV1_2;
+ ciph.d->protocolString = QLatin1String("TLSv1.2");
const auto bits = ciph.d->name.splitRef(QLatin1Char('-'));
if (bits.size() >= 2) {
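Review bot: The two added lines label every cipher suite that reaches this point as `QSsl::TlsV1_2` / "TLSv1.2", with no comment saying the value is a fixed label rather than the negotiated version. That includes suites such as `TLS_RSA_WITH_AES_128_CBC_SHA`, which the switch above attributes to RFC 3268 and which is presumably usable under TLS 1.0 and 1.1 as well. A caller that reads the cipher's protocol for logging or for a policy decision could take it as the session's version, so I would add above the assignment: `// Fixed label for every suite, not the negotiated version; see sessionProtocol().` The body of QSslCipher_from_SSLCipherSuite starts and ends outside this hunk, so the default branch that now receives the removed NULL and RC4 suites is not visible here and is worth checking against this assignment.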
@@ -1106,22 +1081,6 @@ bool QSslSocketBackendPrivate::setSessionProtocol()
{
Q_ASSERT_X(context, Q_FUNC_INFO, "invalid SSL context (null)");
- // QSsl::SslV2 == kSSLProtocol2 is disabled in Secure Transport and
- // always fails with errSSLIllegalParam:
- // if (version < MINIMUM_STREAM_VERSION || version > MAXIMUM_STREAM_VERSION)
- // return errSSLIllegalParam;
- // where MINIMUM_STREAM_VERSION is SSL_Version_3_0, MAXIMUM_STREAM_VERSION is TLS_Version_1_2.
- if (configuration.protocol == QSsl::SslV2) {
- qCDebug(lcSsl) << "protocol QSsl::SslV2 is disabled";
- return false;
- }
-
- // SslV3 is unsupported.
- if (configuration.protocol == QSsl::SslV3) {
- qCDebug(lcSsl) << "protocol QSsl::SslV3 is disabled";
- return false;
- }
-
// SecureTransport has kTLSProtocol13 constant and also, kTLSProtocolMaxSupported.
// Calling SSLSetProtocolVersionMax/Min with any of these two constants results
// in errInvalidParam and a failure to set the protocol version. This means
@@ -1162,13 +1121,6 @@ bool QSslSocketBackendPrivate::setSessionProtocol()
qCDebug(lcSsl) << plainSocket << "requesting : any";
#endif
err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
- } else if (configuration.protocol == QSsl::TlsV1SslV3) {
- #ifdef QSSLSOCKET_DEBUG
- qCDebug(lcSsl) << plainSocket << "requesting : SSLv3 - TLSv1.2";
- #endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
- if (err == errSecSuccess)
- err = SSLSetProtocolVersionMax(context, kTLSProtocol1);
} else if (configuration.protocol == QSsl::SecureProtocols) {
#ifdef QSSLSOCKET_DEBUG
qCDebug(lcSsl) << plainSocket << "requesting : TLSv1 - TLSv1.2";
@@ -1213,8 +1165,6 @@ bool QSslSocketBackendPrivate::verifySessionProtocol() const
bool protocolOk = false;
if (configuration.protocol == QSsl::AnyProtocol)
protocolOk = true;
- else if (configuration.protocol == QSsl::TlsV1SslV3)
- protocolOk = (sessionProtocol() == QSsl::TlsV1_0);
else if (configuration.protocol == QSsl::SecureProtocols)
protocolOk = (sessionProtocol() >= QSsl::TlsV1_0);
else if (configuration.protocol == QSsl::TlsV1_0OrLater)