summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qssl.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/ssl/qssl.cpp')
-rw-r--r--src/network/ssl/qssl.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/network/ssl/qssl.cpp b/src/network/ssl/qssl.cpp
index db72f9a519..be4ca028fb 100644
--- a/src/network/ssl/qssl.cpp
+++ b/src/network/ssl/qssl.cpp
@@ -141,9 +141,15 @@ QT_BEGIN_NAMESPACE
\value SslOptionDisableServerNameIndication Disables the SSL server
name indication extension. When enabled, this tells the server the virtual
host being accessed allowing it to respond with the correct certificate.
+ \value SslOptionDisableLegacyRenegotiation Disables the older insecure
+ mechanism for renegotiating the connection parameters. When enabled, this
+ option can allow connections for legacy servers, but it introduces the
+ possibility that an attacker could inject plaintext into the SSL session.
By default, SslOptionDisableEmptyFragments is turned on since this causes
- problems with a large number of servers, but the other options are disabled.
+ problems with a large number of servers. SslOptionDisableLegacyRenegotiation
+ is also turned on, since it introduces a security risk. The other options
+ are turned off.
Note: Availability of above options depends on the version of the SSL
backend in use.
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-07 01:02:21 +0000