author | Mårten Nordheim <marten.nordheim@qt.io> | 2021-06-18 12:46:33 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2021-06-25 01:30:46 +0200 |
commit | bb93c641a20ee7585bcf5f3e86d012d1a8f557ff (patch) | |
tree | ff496ddce54b446951fa6137870ab0b702f8a749 /src/plugins/tls/openssl/qsslcontext_openssl.cpp | |
parent | 664a6621fb54aaa5824ff4f3f09cbc21ecefcd3b (diff) |
TLS: Mark TLS 1.0, 1.1 and DTLS 1.0 deprecated
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/plugins/tls/openssl/qsslcontext_openssl.cpp')
-rw-r--r-- | src/plugins/tls/openssl/qsslcontext_openssl.cpp | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/plugins/tls/openssl/qsslcontext_openssl.cpp b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
index c0afc32e47..dae87374cb 100644
--- a/src/plugins/tls/openssl/qsslcontext_openssl.cpp
+++ b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
@@ -102,13 +102,16 @@ long QSslContext::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptio
 {
 long options;
 switch (protocol) {
- case QSsl::SecureProtocols:
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 case QSsl::TlsV1_0OrLater:
 options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
 break;
 case QSsl::TlsV1_1OrLater:
 options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
 break;
+QT_WARNING_POP
+ case QSsl::SecureProtocols:
 case QSsl::TlsV1_2OrLater:
 options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
 break;
@@ -363,8 +366,11 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
 bool isDtls = false;
 init_context:
 switch (sslContext->sslConfiguration.protocol()) {
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 case QSsl::DtlsV1_0:
 case QSsl::DtlsV1_0OrLater:
+QT_WARNING_POP
 case QSsl::DtlsV1_2:
 case QSsl::DtlsV1_2OrLater:
 #if QT_CONFIG(dtls)
@@ -419,6 +425,8 @@ init_context:
 long maxVersion = anyVersion;
 switch (sslContext->sslConfiguration.protocol()) {
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 case QSsl::TlsV1_0:
 minVersion = TLS1_VERSION;
 maxVersion = TLS1_VERSION;
@@ -427,6 +435,7 @@ init_context:
 minVersion = TLS1_1_VERSION;
 maxVersion = TLS1_1_VERSION;
 break;
+QT_WARNING_POP
 case QSsl::TlsV1_2:
 minVersion = TLS1_2_VERSION;
 maxVersion = TLS1_2_VERSION;
@@ -443,7 +452,8 @@ init_context:
 break;
 // Ranges:
 case QSsl::AnyProtocol:
- case QSsl::SecureProtocols:
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 case QSsl::TlsV1_0OrLater:
 minVersion = TLS1_VERSION;
 maxVersion = 0;
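Review bot: The commit message and ChangeLog line describe only a deprecation, but in setupOpenSslOptions (hunk at old line 102) `case QSsl::SecureProtocols:` moves below `QT_WARNING_POP` and now shares the `SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1` body, so that value stops negotiating TLS 1.0 and 1.1. The hunks at old lines 443 and 452 make the matching move to `minVersion = TLS1_2_VERSION`. Presumably a peer limited to TLS 1.0/1.1 will now fail the handshake, so I would record the new floor at the label, `// SecureProtocols: TLS 1.2 is the minimum (RFC 8996)`, and state the behaviour change in the ChangeLog entry as well. The function body continues past the end of the hunk.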
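Review bot: In the `// Ranges:` group (hunk at old line 443) `case QSsl::AnyProtocol:` still falls through to `minVersion = TLS1_VERSION`, and after this change it is the only label of that group left outside the deprecation suppression, so it apparently stays non-deprecated while still admitting TLS 1.0 and 1.1. If that is intended, a comment above the label such as `// AnyProtocol deliberately keeps the TLS 1.0 floor` would record the decision; if it is not, the label belongs with `SecureProtocols` in the TLS 1.2 group. The switch starts and ends outside this hunk.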
@@ -452,10 +462,14 @@ init_context:
 minVersion = TLS1_1_VERSION;
 maxVersion = 0;
 break;
+QT_WARNING_POP
+ case QSsl::SecureProtocols:
 case QSsl::TlsV1_2OrLater:
 minVersion = TLS1_2_VERSION;
 maxVersion = 0;
 break;
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 case QSsl::DtlsV1_0:
 minVersion = DTLS1_VERSION;
 maxVersion = DTLS1_VERSION;
@@ -464,6 +478,7 @@ init_context:
 minVersion = DTLS1_VERSION;
 maxVersion = DTLS_MAX_VERSION;
 break;
+QT_WARNING_POP
 case QSsl::DtlsV1_2:
 minVersion = DTLS1_2_VERSION;
 maxVersion = DTLS1_2_VERSION; |
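Review bot: The deprecation is visible only at compile time: with `QT_WARNING_DISABLE_DEPRECATED` around `case QSsl::DtlsV1_0:` in the hunk at old line 452 (and around `TlsV1_0`/`TlsV1_1` in the hunk at old line 419), a protocol value that reaches this switch at run time, for instance from a settings file, still pins a legacy version without any diagnostic. If run-time output is acceptable in this backend, one line in those case bodies, e.g. `qWarning("QSslContext: deprecated protocol version requested (RFC 8996)");`, would give operators something to detect and alert on. The switch begins and ends outside the hunk.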