diff options
| -rw-r--r-- | src/network/ssl/qssl.cpp | 2 | ||||
| -rw-r--r-- | src/network/ssl/qssl.h | 3 | ||||
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 2 | ||||
| -rw-r--r-- | tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp | 2 |
4 files changed, 6 insertions, 3 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp index 4e33001d8d..d5f5de10a2 100644 --- a/src/network/ssl/qssl.cpp +++ b/src/network/ssl/qssl.cpp @@ -161,6 +161,8 @@ QT_BEGIN_NAMESPACE mechanism for renegotiating the connection parameters. When enabled, this option can allow connections for legacy servers, but it introduces the possibility that an attacker could inject plaintext into the SSL session. + \value SslOptionDisableSessionSharing Disables SSL session sharing via + the session ID handshake attribute. By default, SslOptionDisableEmptyFragments is turned on since this causes problems with a large number of servers. SslOptionDisableLegacyRenegotiation diff --git a/src/network/ssl/qssl.h b/src/network/ssl/qssl.h index 06d80965e2..2429f3d580 100644 --- a/src/network/ssl/qssl.h +++ b/src/network/ssl/qssl.h @@ -95,7 +95,8 @@ namespace QSsl { SslOptionDisableSessionTickets = 0x02, SslOptionDisableCompression = 0x04, SslOptionDisableServerNameIndication = 0x08, - SslOptionDisableLegacyRenegotiation = 0x10 + SslOptionDisableLegacyRenegotiation = 0x10, + SslOptionDisableSessionSharing = 0x20 }; Q_DECLARE_FLAGS(SslOptions, SslOption) } diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 2b9c4b5bd2..590b3dfc67 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1439,7 +1439,7 @@ void QSslSocketBackendPrivate::continueHandshake() #endif // Cache this SSL session inside the QSslContext - if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) { + if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { if (!sslContextPointer->cacheSession(ssl)) sslContextPointer.clear(); // we could not cache the session } diff --git a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp index bcc0641973..97f9667140 100644 --- a/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp +++ b/tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp @@ -5920,7 +5920,7 @@ void tst_QNetworkReply::sslSessionSharing() warmupRequest.setAttribute(QNetworkRequest::User, sessionSharingEnabled); // so we can read it from the slot if (! sessionSharingEnabled) { QSslConfiguration configuration(QSslConfiguration::defaultConfiguration()); - configuration.setSslOption(QSsl::SslOptionDisableSessionTickets, true); + configuration.setSslOption(QSsl::SslOptionDisableSessionSharing, true); warmupRequest.setSslConfiguration(configuration); } QNetworkReply *reply = manager.get(warmupRequest); |