diff options
author | Antonio Larrosa <alarrosa@suse.com> | 2016-02-10 17:20:35 +0100 |
---|---|---|
committer | Richard J. Moore <rich@kde.org> | 2016-03-14 00:00:43 +0000 |
commit | 063ad1c8b629318288223792c0ca7ab3f991f3e6 (patch) | |
tree | 0aef0c7573ed7abcd8098eb6e819a98f4b834005 /src/network/ssl | |
parent | 5fe0e41e79030d14d8e32bda7fb5412d8c335c52 (diff) |
Don't include by default ciphers that are not supported
There could be cases (mostly when compiled on old systems, since modern
openssl versions don't include such insecure ciphers) in which
defaultCiphers included a cipher that wasn't in the supported ciphers
list. With this patch we make sure that defaultCiphers is a subset of
supportedCiphers
Change-Id: I545ea21f5fd3a6ed13b366cdd56a1393233f9fc9
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 244d4bbebf..8caa56ee5b 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -643,10 +643,12 @@ void QSslSocketPrivate::resetDefaultCiphers() // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && - !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) + !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) { ciphers << ciph; - if (ciph.usedBits() >= 128) - defaultCiphers << ciph; + + if (ciph.usedBits() >= 128) + defaultCiphers << ciph; + } } } } |