TLS: Mark TLS 1.0, 1.1 and DTLS 1.0 deprecated

As per the best practice laid forth in RFC-8996. TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018. [ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now deprecated, as recommended by RFC-8996. Fixes: QTBUG-92880 Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
author: Mårten Nordheim <marten.nordheim@qt.io> 2021-06-18 12:46:33 +0200
committer: Mårten Nordheim <marten.nordheim@qt.io> 2021-06-25 01:30:46 +0200
commit: bb93c641a20ee7585bcf5f3e86d012d1a8f557ff (patch)
tree: ff496ddce54b446951fa6137870ab0b702f8a749 /src/plugins/tls/openssl/qsslcontext_openssl.cpp
parent: 664a6621fb54aaa5824ff4f3f09cbc21ecefcd3b (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/src/plugins/tls/openssl/qsslcontext_openssl.cpp b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
index c0afc32e47..dae87374cb 100644
--- a/src/plugins/tls/openssl/qsslcontext_openssl.cpp
+++ b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
@@ -102,13 +102,16 @@ long QSslContext::setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptio
 {
     long options;
     switch (protocol) {
-    case QSsl::SecureProtocols:
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
     case QSsl::TlsV1_0OrLater:
         options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
         break;
     case QSsl::TlsV1_1OrLater:
         options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
         break;
+QT_WARNING_POP
+    case QSsl::SecureProtocols:
     case QSsl::TlsV1_2OrLater:
         options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
         break;
@@ -363,8 +366,11 @@ void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mo
     bool isDtls = false;
 init_context:
     switch (sslContext->sslConfiguration.protocol()) {
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
     case QSsl::DtlsV1_0:
     case QSsl::DtlsV1_0OrLater:
+QT_WARNING_POP
     case QSsl::DtlsV1_2:
     case QSsl::DtlsV1_2OrLater:
 #if QT_CONFIG(dtls)
@@ -419,6 +425,8 @@ init_context:
     long maxVersion = anyVersion;
 
     switch (sslContext->sslConfiguration.protocol()) {
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
     case QSsl::TlsV1_0:
         minVersion = TLS1_VERSION;
         maxVersion = TLS1_VERSION;
@@ -427,6 +435,7 @@ init_context:
         minVersion = TLS1_1_VERSION;
         maxVersion = TLS1_1_VERSION;
         break;
+QT_WARNING_POP
     case QSsl::TlsV1_2:
         minVersion = TLS1_2_VERSION;
         maxVersion = TLS1_2_VERSION;
@@ -443,7 +452,8 @@ init_context:
         break;
     // Ranges:
     case QSsl::AnyProtocol:
-    case QSsl::SecureProtocols:
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
     case QSsl::TlsV1_0OrLater:
         minVersion = TLS1_VERSION;
         maxVersion = 0;
@@ -452,10 +462,14 @@ init_context:
         minVersion = TLS1_1_VERSION;
         maxVersion = 0;
         break;
+QT_WARNING_POP
+    case QSsl::SecureProtocols:
     case QSsl::TlsV1_2OrLater:
         minVersion = TLS1_2_VERSION;
         maxVersion = 0;
         break;
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
     case QSsl::DtlsV1_0:
         minVersion = DTLS1_VERSION;
         maxVersion = DTLS1_VERSION;
@@ -464,6 +478,7 @@ init_context:
         minVersion = DTLS1_VERSION;
         maxVersion = DTLS_MAX_VERSION;
         break;
+QT_WARNING_POP
     case QSsl::DtlsV1_2:
         minVersion = DTLS1_2_VERSION;
         maxVersion = DTLS1_2_VERSION;
author	Mårten Nordheim <marten.nordheim@qt.io>	2021-06-18 12:46:33 +0200
committer	Mårten Nordheim <marten.nordheim@qt.io>	2021-06-25 01:30:46 +0200
commit	bb93c641a20ee7585bcf5f3e86d012d1a8f557ff (patch)
tree	ff496ddce54b446951fa6137870ab0b702f8a749 /src/plugins/tls/openssl/qsslcontext_openssl.cpp
parent	664a6621fb54aaa5824ff4f3f09cbc21ecefcd3b (diff)