author | Mårten Nordheim <marten.nordheim@qt.io> | 2021-06-18 12:46:33 +0200 |
---|---|---|
committer | Mårten Nordheim <marten.nordheim@qt.io> | 2021-06-25 01:30:46 +0200 |
commit | bb93c641a20ee7585bcf5f3e86d012d1a8f557ff (patch) | |
tree | ff496ddce54b446951fa6137870ab0b702f8a749 /src/plugins/tls/securetransport | |
parent | 664a6621fb54aaa5824ff4f3f09cbc21ecefcd3b (diff) |
TLS: Mark TLS 1.0, 1.1 and DTLS 1.0 deprecated
As per the best practice laid forth in RFC-8996.
TLS 1.2 was recommended from 2008 until TLS 1.3 was released in 2018.
[ChangeLog][QtNetwork][QSslSocket] TLS 1.0, 1.1 and DTLS 1.0 are now
deprecated, as recommended by RFC-8996.
Fixes: QTBUG-92880
Change-Id: I90cebcfb07cfce623af7ac9f2b66ce9d02586b54
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/plugins/tls/securetransport')
-rw-r--r-- | src/plugins/tls/securetransport/qtls_st.cpp | 18 | ||||
-rw-r--r-- | src/plugins/tls/securetransport/qtlsbackend_st.cpp | 3 |
2 files changed, 18 insertions, 3 deletions
diff --git a/src/plugins/tls/securetransport/qtls_st.cpp b/src/plugins/tls/securetransport/qtls_st.cpp
index 6741fbc5b2..3c23d67598 100644
--- a/src/plugins/tls/securetransport/qtls_st.cpp
+++ b/src/plugins/tls/securetransport/qtls_st.cpp
@@ -439,10 +439,13 @@ QSsl::SslProtocol TlsCryptographSecureTransport::sessionProtocol() const
 }
 switch (protocol) {
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 case kTLSProtocol1:
 return QSsl::TlsV1_0;
 case kTLSProtocol11:
 return QSsl::TlsV1_1;
+QT_WARNING_POP
 case kTLSProtocol12:
 return QSsl::TlsV1_2;
 case kTLSProtocol13:
@@ -922,6 +925,8 @@ bool TlsCryptographSecureTransport::setSessionProtocol()
 OSStatus err = errSecSuccess;
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 if (configuration.protocol() == QSsl::TlsV1_0) {
 #ifdef QSSLSOCKET_DEBUG
 qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1.0";
@@ -936,6 +941,7 @@ bool TlsCryptographSecureTransport::setSessionProtocol()
 err = SSLSetProtocolVersionMin(context, kTLSProtocol11);
 if (err == errSecSuccess)
 err = SSLSetProtocolVersionMax(context, kTLSProtocol11);
+QT_WARNING_POP
 } else if (configuration.protocol() == QSsl::TlsV1_2) {
 #ifdef QSSLSOCKET_DEBUG
 qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1.2";
@@ -950,9 +956,11 @@ bool TlsCryptographSecureTransport::setSessionProtocol()
 err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
 } else if (configuration.protocol() == QSsl::SecureProtocols) {
 #ifdef QSSLSOCKET_DEBUG
- qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1 - TLSv1.2";
+ qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1.2";
 #endif
- err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
+ err = SSLSetProtocolVersionMin(context, kTLSProtocol12);
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 } else if (configuration.protocol() == QSsl::TlsV1_0OrLater) {
 #ifdef QSSLSOCKET_DEBUG
 qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1 - TLSv1.2";
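Review bot: The `QT_WARNING_PUSH` / `QT_WARNING_DISABLE_DEPRECATED` region added around `case kTLSProtocol1:` and `case kTLSProtocol11:` in sessionProtocol() has no comment saying why the deprecated enumerators are still referenced. The same bare pattern recurs in setSessionProtocol(), verifySessionProtocol() and supportedProtocols(). A one-line comment such as `// Still report legacy versions so verifySessionProtocol() can reject them` would keep a later cleanup from deleting the mapping along with the suppression. In setSessionProtocol() each push and its matching pop sit in different branches of the `else if` chain, and in different hunks, so removing a branch later can leave the pair unbalanced; giving each deprecated branch its own push/pop pair would be sturdier. The switch continues outside the hunk.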
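Review bot: The new debug string in the `QSsl::SecureProtocols` branch, `"requesting : TLSv1.2"`, is the same text the exact `QSsl::TlsV1_2` branch logs, although this branch only calls `SSLSetProtocolVersionMin(context, kTLSProtocol12)` and sets no maximum. The exact-version branches presumably pin both bounds, as the TLS 1.1 branch visibly does, so a handshake log cannot distinguish a pinned TLS 1.2 session from a TLS 1.2 floor. Logging `"requesting : TLSv1.2 or later"` would state what is actually configured. The SecureProtocols floor also moves from TLS 1.0 to TLS 1.2 here, which goes beyond the deprecation the ChangeLog line describes; a comment like `// SecureProtocols: TLS 1.2 minimum, per RFC 8996` would record that intent. The enclosing function starts and ends outside the hunk.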
@@ -963,6 +971,7 @@ bool TlsCryptographSecureTransport::setSessionProtocol()
 qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1.1 - TLSv1.2";
 #endif
 err = SSLSetProtocolVersionMin(context, kTLSProtocol11);
+QT_WARNING_POP
 } else if (configuration.protocol() == QSsl::TlsV1_2OrLater) {
 #ifdef QSSLSOCKET_DEBUG
 qCDebug(lcTlsBackend) << plainSocket << "requesting : TLSv1.2";
@@ -999,11 +1008,14 @@ bool TlsCryptographSecureTransport::verifySessionProtocol() const
 if (configuration.protocol() == QSsl::AnyProtocol)
 protocolOk = true;
 else if (configuration.protocol() == QSsl::SecureProtocols)
- protocolOk = (sessionProtocol() >= QSsl::TlsV1_0);
+ protocolOk = (sessionProtocol() >= QSsl::TlsV1_2);
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 else if (configuration.protocol() == QSsl::TlsV1_0OrLater)
 protocolOk = (sessionProtocol() >= QSsl::TlsV1_0);
 else if (configuration.protocol() == QSsl::TlsV1_1OrLater)
 protocolOk = (sessionProtocol() >= QSsl::TlsV1_1);
+QT_WARNING_POP
 else if (configuration.protocol() == QSsl::TlsV1_2OrLater)
 protocolOk = (sessionProtocol() >= QSsl::TlsV1_2);
 else if (configuration.protocol() == QSsl::TlsV1_3OrLater)
diff --git a/src/plugins/tls/securetransport/qtlsbackend_st.cpp b/src/plugins/tls/securetransport/qtlsbackend_st.cpp
index 7fc7692350..b84faabcfa 100644
--- a/src/plugins/tls/securetransport/qtlsbackend_st.cpp
+++ b/src/plugins/tls/securetransport/qtlsbackend_st.cpp
@@ -294,10 +294,13 @@ QList<QSsl::SslProtocol> QSecureTransportBackend::supportedProtocols() const
 protocols << QSsl::AnyProtocol;
 protocols << QSsl::SecureProtocols;
+QT_WARNING_PUSH
+QT_WARNING_DISABLE_DEPRECATED
 protocols << QSsl::TlsV1_0;
 protocols << QSsl::TlsV1_0OrLater;
 protocols << QSsl::TlsV1_1;
 protocols << QSsl::TlsV1_1OrLater;
+QT_WARNING_POP
 protocols << QSsl::TlsV1_2;
 protocols << QSsl::TlsV1_2OrLater; |
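Review bot: In verifySessionProtocol(), `protocolOk = (sessionProtocol() >= QSsl::TlsV1_2);` for SecureProtocols repeats the floor that setSessionProtocol() now expresses as `kTLSProtocol12`, so the two can drift apart on the next policy change with nothing to flag it. The check is also an ordered comparison on QSsl::SslProtocol. That is correct only while the TLS enumerators are declared in ascending version order and the failure value of sessionProtocol() compares below them; the enum is not visible here, so both are worth confirming. A comment above the chain, e.g. `// Floors must match setSessionProtocol(); relies on TlsV1_0 < TlsV1_1 < TlsV1_2 < TlsV1_3`, would document both assumptions. The `if` chain starts and ends outside the hunk.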