diff options
Diffstat (limited to 'src/network/doc/src/ssl.qdoc')
-rw-r--r-- | src/network/doc/src/ssl.qdoc | 76 |
1 files changed, 39 insertions, 37 deletions
diff --git a/src/network/doc/src/ssl.qdoc b/src/network/doc/src/ssl.qdoc index ed04e13487..83549f61e8 100644 --- a/src/network/doc/src/ssl.qdoc +++ b/src/network/doc/src/ssl.qdoc @@ -1,29 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the documentation of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:FDL$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU Free Documentation License Usage -** Alternatively, this file may be used under the terms of the GNU Free -** Documentation License version 1.3 as published by the Free Software -** Foundation and appearing in the file included in the packaging of -** this file. Please review the following information to ensure -** the GNU Free Documentation License version 1.3 requirements -** will be met: https://www.gnu.org/licenses/fdl-1.3.html. -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only /*! \page ssl.html @@ -33,24 +9,36 @@ \keyword SSL The classes below provide support for secure network communication using - the Secure Sockets Layer (SSL) protocol, using the \l{OpenSSL Toolkit} - to perform encryption and protocol handling. + the Secure Sockets Layer (SSL) protocol, using a native TLS backend, + the \l{OpenSSL Toolkit}, or any appropriate TLS plugin to perform encryption + and protocol handling. - From Qt version 5.15 onwards, the officially supported version for OpenSSL + From Qt version 5.15 onward, the officially supported version for OpenSSL is 1.1.1 or later. + Qt version 5.15.1 onward is also compatible with OpenSSL 3. + \annotatedlist ssl + For Android applications see \l{Adding OpenSSL Support for Android}. + + \section1 Enabling and Disabling SSL Support when Building Qt from Source - \section1 Enabling and Disabling SSL Support + When building Qt from source, Qt builds plugins for native TLS libraries + that are supported for the operating system you are building for. For + Windows this means + \l{https://docs.microsoft.com/en-us/windows/win32/com/schannel}{Schannel}, + while for macOS this is + \l{https://developer.apple.com/documentation/security/secure_transport}{Secure Transport}. - When building Qt from source, the configuration system checks for the presence - of the \c{openssl/opensslv.h} header provided by source or developer packages - of OpenSSL. + On all platforms, the configuration system checks for the presence of the + \c{openssl/opensslv.h} header provided by source or developer packages + of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt. - By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL - library at run-time. However, it is possible to link against the library at - compile-time by configuring Qt with the \c{-openssl-linked} option. + By default, an OpenSSL-enabled Qt library dynamically loads any installed + OpenSSL library at run-time. However, it is possible to link against the + library at compile-time by configuring Qt with the \c{-openssl-linked} + option. When building a version of Qt linked against OpenSSL, Qt's build system will use CMake's \c{FindOpenSSL} command to find OpenSSL in several standard @@ -65,6 +53,20 @@ To disable SSL support in a Qt build, configure Qt with the \c{-no-openssl} option. + \section1 Considerations While Packaging Your Application + + When you package your application, you may run a tool like \l{windeployqt}. This + copies all the plugins for the libraries you use to the \c{plugins/} folder. + However, for TLS you only need one backend, and you may delete the other + plugins before packaging your application. For example, if you're on Windows + and don't require any of the extra features the OpenSSL backend provides, + you can choose to forego shipping the \c{qopensslbackend} plugin as well as + the OpenSSL library, and simply ship the \c{qschannelbackend} plugin. + + However, shipping multiple backends is not a problem. Qt will + attempt to load the backends in order (with OpenSSL attempted first) until + one is successfully loaded. The other backends are then unused. + \section1 Datagram Transport Layer Security Datagram Transport Layer Security (DTLS) is a protocol that enables security @@ -72,7 +74,7 @@ eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol. QtNetwork enables the use of DTLS with User Datagram Protocol (UDP), as defined by - \l {https://tools.ietf.org/html/rfc6347}{RFC 6347}. + \l {RFC 6347}. \section1 Import and Export Restrictions |