summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp7
-rw-r--r--src/network/ssl/qsslconfiguration.cpp27
-rw-r--r--src/network/ssl/qsslconfiguration.h1
-rw-r--r--tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp26
4 files changed, 58 insertions, 3 deletions
diff --git a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
index 5d90dde5ea..b857a57a63 100644
--- a/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
+++ b/src/network/doc/snippets/code/src_network_ssl_qsslconfiguration.cpp
@@ -53,3 +53,10 @@ QSslConfiguration config = sslSocket.sslConfiguration();
config.setProtocol(QSsl::TlsV1_0);
sslSocket.setSslConfiguration(config);
//! [0]
+
+
+//! [1]
+QSslConfiguration tlsConfig = QSslConfiguration::defaultConfiguration();
+tlsConfig.setCiphers(QStringLiteral("DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA"));
+//! [1]
+
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index a38a998e7d..454b755f41 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -611,6 +611,33 @@ void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers)
}
/*!
+ \since 6.0
+
+ Sets the cryptographic cipher suite for this configuration to \a ciphers,
+ which is a colon-separated list of cipher suite names. The ciphers are listed
+ in order of preference, starting with the most preferred cipher. For example:
+
+ \snippet code/src_network_ssl_qsslconfiguration.cpp 1
+
+ Each cipher name in \a ciphers must be the name of a cipher in the
+ list returned by supportedCiphers(). Restricting the cipher suite
+ must be done before the handshake phase, where the session cipher
+ is chosen.
+
+ \sa ciphers()
+*/
+void QSslConfiguration::setCiphers(const QString &ciphers)
+{
+ d->ciphers.clear();
+ const auto cipherNames = ciphers.split(QLatin1Char(':'), Qt::SkipEmptyParts);
+ for (const QString &cipherName : cipherNames) {
+ QSslCipher cipher(cipherName);
+ if (!cipher.isNull())
+ d->ciphers << cipher;
+ }
+}
+
+/*!
\since 5.5
Returns the list of cryptographic ciphers supported by this
diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h
index 90a876b6c5..706ac5775f 100644
--- a/src/network/ssl/qsslconfiguration.h
+++ b/src/network/ssl/qsslconfiguration.h
@@ -125,6 +125,7 @@ public:
// Cipher settings
QList<QSslCipher> ciphers() const;
void setCiphers(const QList<QSslCipher> &ciphers);
+ void setCiphers(const QString &ciphers);
static QList<QSslCipher> supportedCiphers();
// Certificate Authority (CA) settings
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 97a01efdd3..864d8db008 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -804,10 +804,30 @@ void tst_QSslSocket::ciphers()
socket.setSslConfiguration(sslConfig);
QCOMPARE(socket.sslConfiguration().ciphers(), QSslConfiguration::defaultConfiguration().ciphers());
- // Task 164356
- sslConfig.setCiphers({QSslCipher("ALL"), QSslCipher("!ADH"), QSslCipher("!LOW"),
- QSslCipher("!EXP"), QSslCipher("!MD5"), QSslCipher("@STRENGTH")});
+ sslConfig = QSslConfiguration::defaultConfiguration();
+ QList<QSslCipher> ciphers;
+ QString ciphersAsString;
+ const auto &supported = sslConfig.supportedCiphers();
+ for (const auto &cipher : supported) {
+ if (cipher.isNull() || !cipher.name().length())
+ continue;
+ if (ciphers.size() > 0)
+ ciphersAsString += QStringLiteral(":");
+ ciphersAsString += cipher.name();
+ ciphers.append(cipher);
+ if (ciphers.size() == 3) // 3 should be enough.
+ break;
+ }
+
+ if (!ciphers.size())
+ QSKIP("No proper ciphersuite was found to test 'setCiphers'");
+
+ sslConfig.setCiphers(ciphersAsString);
+ socket.setSslConfiguration(sslConfig);
+ QCOMPARE(ciphers, socket.sslConfiguration().ciphers());
+ sslConfig.setCiphers(ciphers);
socket.setSslConfiguration(sslConfig);
+ QCOMPARE(ciphers, socket.sslConfiguration().ciphers());
}
void tst_QSslSocket::connectToHostEncrypted()