summaryrefslogtreecommitdiffstats
path: root/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
diff options
context:
space:
mode:
authorTimur Pocheptsov <timur.pocheptsov@qt.io>2021-12-23 14:17:13 +0100
committerTimur Pocheptsov <timur.pocheptsov@qt.io>2022-01-12 22:27:21 +0100
commitc30af31f990aef5ff5ea0e6eb2c6ba9681f9c7ba (patch)
treedd0cf4861e5d4751711d40a807cc1b82df482fa0 /tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
parenteabb3fd2f03f81f738a6128b7b09d92f0731522c (diff)
QSslSocket (SecureTransport) add TLS 1.3 ciphersuites
At some point we decided to support a custom set of ciphersuites specified by QSslConfiguration (which if you ask me was never a good idea). The law of unforseen consequiences bit us again: since we now give a set of ciphesuites to QSslConfiguration and set ciphesuites from the configuration a socket has, we are limited by the ciphersuites we know about at the moment of 'coding'. Meaning if an SDK was updated and CipherSuite.h later adds more ciphersuites, we miss them and 'don't support them', while we ... actually do. This patch tries to add some more ciphersuites introduced in TLS 1.3 (interesting, SecureTransport does not support TLS 1.3, but TLS 1.3 suites can be used in TLS 1.2 session). Pick-to: 6.2 6.3 5.15 Task-number: QTBUG-99368 Change-Id: I439b63845c4893e5621cffaf3bcaf62e2b643c74 Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp')
-rw-r--r--tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp39
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index a03809fc09..a2541d5425 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -155,6 +155,9 @@ private slots:
void sslErrors_data();
void sslErrors();
void ciphers();
+#if QT_CONFIG(securetransport)
+ void tls13Ciphers();
+#endif // QT_CONFIG(securetransport)
void connectToHostEncrypted();
void connectToHostEncryptedWithVerificationPeerName();
void sessionCipher();
@@ -1063,6 +1066,42 @@ void tst_QSslSocket::ciphers()
}
}
+#if QT_CONFIG(securetransport)
+void tst_QSslSocket::tls13Ciphers()
+{
+ // SecureTransport introduced several new ciphers under
+ // "TLS 1.3 ciphersuites" section. Since Qt 6 we respect
+ // the ciphers from QSslConfiguration. In case of default
+ // configuration, these are the same we report and we
+ // were failing (for historical reasons) to report those
+ // TLS 1.3 suites when creating default QSslConfiguration.
+ // Check we now have them.
+ if (!isTestingSecureTransport)
+ QSKIP("The feature 'securetransport' was enabled, but active backend is not \"securetransport\"");
+
+ QFETCH_GLOBAL(const bool, setProxy);
+ if (setProxy)
+ return;
+
+ const auto suites = QSslConfiguration::defaultConfiguration().ciphers();
+ QSslCipher ciph;
+ // Check the one of reported and previously missed:
+ for (const auto &suite : suites) {
+ if (suite.encryptionMethod() == QStringLiteral("CHACHA20")) {
+ // There are several ciphesuites using CHACHA20, the first one
+ // is sufficient for the purpose of this test:
+ ciph = suite;
+ break;
+ }
+ }
+
+ QVERIFY(!ciph.isNull());
+ QCOMPARE(ciph.encryptionMethod(), QStringLiteral("CHACHA20"));
+ QCOMPARE(ciph.supportedBits(), 256);
+ QCOMPARE(ciph.usedBits(), 256);
+}
+#endif // QT_CONFIG(securetransport)
+
void tst_QSslSocket::connectToHostEncrypted()
{
if (!QSslSocket::supportsSsl())