author | Peter Hartmann <phartmann@blackberry.com> | 2013-04-22 10:36:04 +0200 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-04-22 10:58:14 +0200 |
commit | 7df16fb4ccbe0476bc34274a77e98eec4e8d2d93 (patch) | |
tree | f339fec2f1a641eb9f0b4ea6f75a4ebfd78c9e06 /src/network | |
parent | c5a3cfa488ec5653cb026060e2b8f8b6a702d020 (diff) |
SSL namespace: Add enum to disable SSL session sharing
There is already an enum to disable SSL session tickets, which has been
used to disable session sharing for now. However, SSL session sharing
is not the same as SSL session tickets: Session sharing is built into
the SSL protocol, while session tickets is a TLS extension (RFC 5077).
Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/ssl/qssl.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qssl.h | 3 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 2 |
3 files changed, 5 insertions, 2 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index 4e33001d8d..d5f5de10a2 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -161,6 +161,8 @@ QT_BEGIN_NAMESPACE
 mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session.
+ \value SslOptionDisableSessionSharing Disables SSL session sharing via
+ the session ID handshake attribute.
 By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation
diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h
index 06d80965e2..2429f3d580 100644
--- a/src/network/ssl/qssl.h
+++ b/src/network/ssl/qssl.h
@@ -95,7 +95,8 @@ namespace QSsl {
 SslOptionDisableSessionTickets = 0x02,
 SslOptionDisableCompression = 0x04,
 SslOptionDisableServerNameIndication = 0x08,
- SslOptionDisableLegacyRenegotiation = 0x10
+ SslOptionDisableLegacyRenegotiation = 0x10,
+ SslOptionDisableSessionSharing = 0x20
 };
 Q_DECLARE_FLAGS(SslOptions, SslOption)
 }
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 2b9c4b5bd2..590b3dfc67 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -1439,7 +1439,7 @@ void QSslSocketBackendPrivate::continueHandshake()
 #endif
 // Cache this SSL session inside the QSslContext
- if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
+ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
 if (!sslContextPointer->cacheSession(ssl))
 sslContextPointer.clear(); // we could not cache the session
 }
|
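Review bot: The new `\value SslOptionDisableSessionSharing` entry in qssl.cpp does not say how the option relates to `SslOptionDisableSessionTickets` or whether it is set by default, which is the very confusion the commit message describes. I would extend it along the lines of `Disables SSL session sharing via the session ID handshake attribute; independent of SslOptionDisableSessionTickets, which only controls the RFC 5077 ticket extension.` The default-options paragraph that follows continues outside this hunk, so whether it needs a sentence about the new option cannot be checked from here.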
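Review bot: The guard in continueHandshake() now tests only `SslOptionDisableSessionSharing`, so a caller that set `SslOptionDisableSessionTickets` to keep sessions out of the QSslContext cache silently gets session-ID caching and resumption back after this change. Nothing in the diff shows the new bit being added to a default or carried over from the old one, so that opt-out disappears without any compile-time or runtime signal; for applications that disabled reuse to avoid long-lived session state, this is a security-relevant behaviour change. I would state it next to the check, e.g. `// Session-ID caching is gated by SslOptionDisableSessionSharing only; SslOptionDisableSessionTickets no longer disables it`, and call it out in the change notes. The function body starts and ends outside this hunk, so whether SslOptionDisableSessionTickets is still consumed elsewhere cannot be confirmed from here.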