diff options
-rw-r--r-- | src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp | 7 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.cpp | 27 | ||||
-rw-r--r-- | src/network/ssl/qsslconfiguration.h | 1 | ||||
-rw-r--r-- | tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 26 |
4 files changed, 58 insertions, 3 deletions
diff --git a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp index 5d90dde5ea..b857a57a63 100644 --- a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp +++ b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp @@ -53,3 +53,10 @@ QSslConfiguration config = sslSocket.sslConfiguration(); config.setProtocol(QSsl::TlsV1_0); sslSocket.setSslConfiguration(config); //! [0] + + +//! [1] +QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration(); +tlsConfig.setCiphers(QStringLiteral("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA")); +//! [1] + diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp index a38a998e7d..454b755f41 100644 --- a/src/network/ssl/qsslconfiguration.cpp +++ b/src/network/ssl/qsslconfiguration.cpp @@ -611,6 +611,33 @@ void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers) } /*! + \since 6.0 + + Sets the cryptographic cipher suite for this configuration to \a ciphers, + which is a colon-separated list of cipher suite names. The ciphers are listed + in order of preference, starting with the most preferred cipher. For example: + + \snippet code/src_network_ssl_qsslconfiguration.cpp 1 + + Each cipher name in \a ciphers must be the name of a cipher in the + list returned by supportedCiphers(). Restricting the cipher suite + must be done before the handshake phase, where the session cipher + is chosen. + + \sa ciphers() +*/ +void QSslConfiguration::setCiphers(const QString &ciphers) +{ + d->ciphers.clear(); + const auto cipherNames = ciphers.split(QLatin1Char(':'), Qt::SkipEmptyParts); + for (const QString &cipherName : cipherNames) { + QSslCipher cipher(cipherName); + if (!cipher.isNull()) + d->ciphers << cipher; + } +} + +/*! \since 5.5 Returns the list of cryptographic ciphers supported by this diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 90a876b6c5..706ac5775f 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -125,6 +125,7 @@ public: // Cipher settings QList<QSslCipher> ciphers() const; void setCiphers(const QList<QSslCipher> &ciphers); + void setCiphers(const QString &ciphers); static QList<QSslCipher> supportedCiphers(); // Certificate Authority (CA) settings diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp index 97a01efdd3..864d8db008 100644 --- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp +++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp @@ -804,10 +804,30 @@ void tst_QSslSocket::ciphers() socket.setSslConfiguration(sslConfig); QCOMPARE(socket.sslConfiguration().ciphers(), QSslConfiguration::defaultConfiguration().ciphers()); - // Task 164356 - sslConfig.setCiphers({QSslCipher("ALL"), QSslCipher("!ADH"), QSslCipher("!LOW"), - QSslCipher("!EXP"), QSslCipher("!MD5"), QSslCipher("@STRENGTH")}); + sslConfig = QSslConfiguration::defaultConfiguration(); + QList<QSslCipher> ciphers; + QString ciphersAsString; + const auto &supported = sslConfig.supportedCiphers(); + for (const auto &cipher : supported) { + if (cipher.isNull() || !cipher.name().length()) + continue; + if (ciphers.size() > 0) + ciphersAsString += QStringLiteral(":"); + ciphersAsString += cipher.name(); + ciphers.append(cipher); + if (ciphers.size() == 3) // 3 should be enough. + break; + } + + if (!ciphers.size()) + QSKIP("No proper ciphersuite was found to test 'setCiphers'"); + + sslConfig.setCiphers(ciphersAsString); + socket.setSslConfiguration(sslConfig); + QCOMPARE(ciphers, socket.sslConfiguration().ciphers()); + sslConfig.setCiphers(ciphers); socket.setSslConfiguration(sslConfig); + QCOMPARE(ciphers, socket.sslConfiguration().ciphers()); } void tst_QSslSocket::connectToHostEncrypted() |