diff options
author | Allan Sandfeld Jensen <allan.jensen@digia.com> | 2014-10-21 15:44:43 +0200 |
---|---|---|
committer | Kai Koehne <kai.koehne@theqtcompany.com> | 2014-10-24 12:46:26 +0200 |
commit | 3fd2d9eff8c1f948306ee5fbfe364ccded1c4b84 (patch) | |
tree | 13d642dd142c5f8dc2b2439c98409b71fba3d8f6 /tests/auto/network/ssl | |
parent | 88e7a4f661da166e81171a3188f6290c40a2f748 (diff) |
Update QSsl::SecureProtocols to not include Sslv3
After the poodle vulnerability SSLv3 should like SSLv2 no longer be
considered safe, so when a user request a safe protocol we should
only allow TLS versions.
[ChangeLog][QtNetwork][QSsl] QSsl::SecureProtocols now also excludes SSLv3
Change-Id: If825f6beb599294b028d706903b39db6b20be519
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'tests/auto/network/ssl')
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 6e915f89fb..aa954429de 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -1088,7 +1088,7 @@ void tst_QSslSocket::protocolServerSide_data() #endif QTest::newRow("ssl3-tls1.0") << QSsl::SslV3 << QSsl::TlsV1_0 << false; QTest::newRow("ssl3-tls1ssl3") << QSsl::SslV3 << QSsl::TlsV1SslV3 << true; - QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << true; + QTest::newRow("ssl3-secure") << QSsl::SslV3 << QSsl::SecureProtocols << false; #ifndef OPENSSL_NO_SSL2 QTest::newRow("ssl3-any") << QSsl::SslV3 << QSsl::AnyProtocol << false; // we won't set a SNI header here because we connect to a // numerical IP, so OpenSSL will send a SSL 2 handshake @@ -1120,7 +1120,7 @@ void tst_QSslSocket::protocolServerSide_data() #ifndef OPENSSL_NO_SSL2 QTest::newRow("secure-ssl2") << QSsl::SecureProtocols << QSsl::SslV2 << false; #endif - QTest::newRow("secure-ssl3") << QSsl::SecureProtocols << QSsl::SslV3 << true; + QTest::newRow("secure-ssl3") << QSsl::SecureProtocols << QSsl::SslV3 << false; QTest::newRow("secure-tls1.0") << QSsl::SecureProtocols << QSsl::TlsV1_0 << true; QTest::newRow("secure-tls1ssl3") << QSsl::SecureProtocols << QSsl::TlsV1SslV3 << true; QTest::newRow("secure-any") << QSsl::SecureProtocols << QSsl::AnyProtocol << true; @@ -2300,28 +2300,28 @@ void tst_QSslSocket::sslOptions() #ifdef SSL_OP_NO_COMPRESSION QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSslConfigurationPrivate::defaultSslOptions), - long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_COMPRESSION)); + long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION)); #else QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSslConfigurationPrivate::defaultSslOptions), - long(SSL_OP_ALL|SSL_OP_NO_SSLv2)); + long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)); #endif QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSsl::SslOptionDisableEmptyFragments |QSsl::SslOptionDisableLegacyRenegotiation), - long(SSL_OP_ALL|SSL_OP_NO_SSLv2)); + long(SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)); #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSsl::SslOptionDisableEmptyFragments), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))); #endif #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS QCOMPARE(QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SecureProtocols, QSsl::SslOptionDisableLegacyRenegotiation), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)); #endif #ifdef SSL_OP_NO_TICKET @@ -2329,7 +2329,7 @@ void tst_QSslSocket::sslOptions() QSsl::SslOptionDisableEmptyFragments |QSsl::SslOptionDisableLegacyRenegotiation |QSsl::SslOptionDisableSessionTickets), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET))); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET))); #endif #ifdef SSL_OP_NO_TICKET @@ -2339,7 +2339,7 @@ void tst_QSslSocket::sslOptions() |QSsl::SslOptionDisableLegacyRenegotiation |QSsl::SslOptionDisableSessionTickets |QSsl::SslOptionDisableCompression), - long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET|SSL_OP_NO_COMPRESSION))); + long((SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_NO_COMPRESSION))); #endif #endif } |