author | Brendan Long <b.long@cablelabs.com> | 2012-08-16 17:14:04 -0600 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2012-08-29 14:22:54 +0200 |
commit | 860f95946bc6965317ad226ff83ee00ef13b7812 (patch) | |
tree | 3821ee0a62431dc357410a1c9f9a9248343964f4 /src/network/ssl/qsslsocket_openssl.cpp | |
parent | a135d87a0f8ec24445e13fb54f4316e4ca7473be (diff) |
Add support for explicit TLS 1.1 and 1.2
Add SslProtocol enums TlsV1_1 and TlsV1_2 and use the appropriate OpenSSL
methods when they're selected (TLSv1_1_client_method, TLSv1_2_client_method,
TLSv1_1_server_method and TLSv1_2_server_method). This allows us to
explicitly use TLS 1.1 or 1.2.
Task-number: QTBUG-26866
Change-Id: I159da548546fa746c20e9e96bc0e5b785e4e761b
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index a23e3fa377..250ff0fe38 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -197,6 +197,10 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph
 ciph.d->protocol = QSsl::SslV2;
 else if (protoString == QLatin1String("TLSv1"))
 ciph.d->protocol = QSsl::TlsV1_0;
+ else if (protoString == QLatin1String("TLSv1.1"))
+ ciph.d->protocol = QSsl::TlsV1_1;
+ else if (protoString == QLatin1String("TLSv1.2"))
+ ciph.d->protocol = QSsl::TlsV1_2;
 
 if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
 ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);
@@ -318,6 +322,20 @@ init_context:
 case QSsl::TlsV1_0:
 ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
 break;
+ case QSsl::TlsV1_1:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
+#else
+ ctx = 0; // TLS 1.1 not supported by the system, but chosen deliberately -> error
+#endif
+ break;
+ case QSsl::TlsV1_2:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
+#else
+ ctx = 0; // TLS 1.2 not supported by the system, but chosen deliberately -> error
+#endif
+ break;
 }
 if (!ctx) {
 // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them
@@ -473,6 +491,8 @@ init_context:
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
 if ((configuration.protocol == QSsl::TlsV1SslV3 ||
 configuration.protocol == QSsl::TlsV1_0 ||
+ configuration.protocol == QSsl::TlsV1_1 ||
+ configuration.protocol == QSsl::TlsV1_2 ||
 configuration.protocol == QSsl::SecureProtocols ||
 configuration.protocol == QSsl::AnyProtocol)
 && client && q_SSLeay() >= 0x00090806fL) { |
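Review bot: The protocol stored by this `else if` chain is whatever string the cipher description carries, and if that string comes from OpenSSL's SSL_CIPHER_description (the `Kx=` parsing just below suggests it does), it names the protocol version the suite was defined for rather than the version negotiated for the session. A suite defined for SSLv3 would then still report the older protocol on a TLS 1.2 connection, so callers should not use this field to audit the negotiated version. I would add a comment above the chain, `// Protocol the cipher suite was defined for; not the negotiated session version.`, and note that the chain has no final `else`, so an unrecognised string leaves `ciph.d->protocol` at whatever value it had before. The function starts and ends outside this hunk.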
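Review bot: The new `TlsV1_1` and `TlsV1_2` cases decide support only with the compile-time `OPENSSL_VERSION_NUMBER` test, while the condition in the third hunk pairs its compile-time test with a run-time `q_SSLeay()` check. If the `q_` wrappers are bound to the library at run time, a build made against 1.0.1 headers can run on an older library where the `TLSv1_1_*`/`TLSv1_2_*` methods do not exist, and what the wrapper returns in that case is not visible here. Guarding the call as well, e.g. `ctx = q_SSLeay() >= 0x10001000L ? q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()) : 0;`, keeps the failure explicit instead of depending on the wrapper. The deliberate `ctx = 0` also falls into the `if (!ctx)` block whose comment describes re-adding lost ciphers, so an unsupported protocol is probably retried and reported like a library failure rather than as an unsupported-protocol error; that block continues outside the hunk.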
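Review bot: The protocol test in this `if` is an allow-list of enum values, so every TLS version added later has to be remembered here or the TLS-extension code in the body is silently skipped for it. Presumably that body sets the server name, in which case a missed entry means no SNI is sent and a shared server may present a certificate for the wrong host. Stating the exclusion instead, `configuration.protocol != QSsl::SslV2 && configuration.protocol != QSsl::SslV3`, would cover future versions without another edit; at minimum I would add `// keep in sync with QSsl::SslProtocol: list every TLS-capable value` above the list. The `if` body lies outside the hunk.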