summaryrefslogtreecommitdiffstats
path: root/src/network/doc/src/ssl.qdoc
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/doc/src/ssl.qdoc')
-rw-r--r--src/network/doc/src/ssl.qdoc76
1 files changed, 39 insertions, 37 deletions
diff --git a/src/network/doc/src/ssl.qdoc b/src/network/doc/src/ssl.qdoc
index ed04e13487..83549f61e8 100644
--- a/src/network/doc/src/ssl.qdoc
+++ b/src/network/doc/src/ssl.qdoc
@@ -1,29 +1,5 @@
-/****************************************************************************
-**
-** Copyright (C) 2016 The Qt Company Ltd.
-** Contact: https://www.qt.io/licensing/
-**
-** This file is part of the documentation of the Qt Toolkit.
-**
-** $QT_BEGIN_LICENSE:FDL$
-** Commercial License Usage
-** Licensees holding valid commercial Qt licenses may use this file in
-** accordance with the commercial license agreement provided with the
-** Software or, alternatively, in accordance with the terms contained in
-** a written agreement between you and The Qt Company. For licensing terms
-** and conditions see https://www.qt.io/terms-conditions. For further
-** information use the contact form at https://www.qt.io/contact-us.
-**
-** GNU Free Documentation License Usage
-** Alternatively, this file may be used under the terms of the GNU Free
-** Documentation License version 1.3 as published by the Free Software
-** Foundation and appearing in the file included in the packaging of
-** this file. Please review the following information to ensure
-** the GNU Free Documentation License version 1.3 requirements
-** will be met: https://www.gnu.org/licenses/fdl-1.3.html.
-** $QT_END_LICENSE$
-**
-****************************************************************************/
+// Copyright (C) 2016 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only
/*!
\page ssl.html
@@ -33,24 +9,36 @@
\keyword SSL
The classes below provide support for secure network communication using
- the Secure Sockets Layer (SSL) protocol, using the \l{OpenSSL Toolkit}
- to perform encryption and protocol handling.
+ the Secure Sockets Layer (SSL) protocol, using a native TLS backend,
+ the \l{OpenSSL Toolkit}, or any appropriate TLS plugin to perform encryption
+ and protocol handling.
- From Qt version 5.15 onwards, the officially supported version for OpenSSL
+ From Qt version 5.15 onward, the officially supported version for OpenSSL
is 1.1.1 or later.
+ Qt version 5.15.1 onward is also compatible with OpenSSL 3.
+
\annotatedlist ssl
+ For Android applications see \l{Adding OpenSSL Support for Android}.
+
+ \section1 Enabling and Disabling SSL Support when Building Qt from Source
- \section1 Enabling and Disabling SSL Support
+ When building Qt from source, Qt builds plugins for native TLS libraries
+ that are supported for the operating system you are building for. For
+ Windows this means
+ \l{https://docs.microsoft.com/en-us/windows/win32/com/schannel}{Schannel},
+ while for macOS this is
+ \l{https://developer.apple.com/documentation/security/secure_transport}{Secure Transport}.
- When building Qt from source, the configuration system checks for the presence
- of the \c{openssl/opensslv.h} header provided by source or developer packages
- of OpenSSL.
+ On all platforms, the configuration system checks for the presence of the
+ \c{openssl/opensslv.h} header provided by source or developer packages
+ of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt.
- By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL
- library at run-time. However, it is possible to link against the library at
- compile-time by configuring Qt with the \c{-openssl-linked} option.
+ By default, an OpenSSL-enabled Qt library dynamically loads any installed
+ OpenSSL library at run-time. However, it is possible to link against the
+ library at compile-time by configuring Qt with the \c{-openssl-linked}
+ option.
When building a version of Qt linked against OpenSSL, Qt's build system will
use CMake's \c{FindOpenSSL} command to find OpenSSL in several standard
@@ -65,6 +53,20 @@
To disable SSL support in a Qt build, configure Qt with the \c{-no-openssl}
option.
+ \section1 Considerations While Packaging Your Application
+
+ When you package your application, you may run a tool like \l{windeployqt}. This
+ copies all the plugins for the libraries you use to the \c{plugins/} folder.
+ However, for TLS you only need one backend, and you may delete the other
+ plugins before packaging your application. For example, if you're on Windows
+ and don't require any of the extra features the OpenSSL backend provides,
+ you can choose to forego shipping the \c{qopensslbackend} plugin as well as
+ the OpenSSL library, and simply ship the \c{qschannelbackend} plugin.
+
+ However, shipping multiple backends is not a problem. Qt will
+ attempt to load the backends in order (with OpenSSL attempted first) until
+ one is successfully loaded. The other backends are then unused.
+
\section1 Datagram Transport Layer Security
Datagram Transport Layer Security (DTLS) is a protocol that enables security
@@ -72,7 +74,7 @@
eavesdropping, tampering, or message forgery. The DTLS protocol is based on the
stream-oriented Transport Layer Security (TLS) protocol. QtNetwork enables
the use of DTLS with User Datagram Protocol (UDP), as defined by
- \l {https://tools.ietf.org/html/rfc6347}{RFC 6347}.
+ \l {RFC 6347}.
\section1 Import and Export Restrictions