1 files changed, 26 insertions, 15 deletions
diff --git a/src/network/ssl/qsslconfiguration.cpp b/src/network/ssl/qsslconfiguration.cpp
index 80377f3426..fd308d7037 100644
--- a/src/network/ssl/qsslconfiguration.cpp
+++ b/src/network/ssl/qsslconfiguration.cpp
@@ -105,6 +105,12 @@ const char QSslConfiguration::NextProtocolHttp1_1[] = "http/1.1";
 */
 
 /*!
+    \variable QSslConfiguration::ALPNProtocolHTTP2
+    \brief The value used for negotiating HTTP 2 during the Application-Layer
+    Protocol Negotiation.
+*/
+
+/*!
     Constructs an empty SSL configuration. This configuration contains
     no valid settings and the state will be empty. isNull() will
     return true after this constructor is called.
@@ -218,15 +224,15 @@ bool QSslConfiguration::isNull() const
             d->peerVerifyMode == QSslSocket::AutoVerifyPeer &&
             d->peerVerifyDepth == 0 &&
             d->allowRootCertOnDemandLoading == true &&
-            d->caCertificates.count() == 0 &&
-            d->ciphers.count() == 0 &&
+            d->caCertificates.size() == 0 &&
+            d->ciphers.size() == 0 &&
             d->ellipticCurves.isEmpty() &&
             d->ephemeralServerKey.isNull() &&
             d->dhParams == QSslDiffieHellmanParameters::defaultParameters() &&
             d->localCertificateChain.isEmpty() &&
             d->privateKey.isNull() &&
             d->peerCertificate.isNull() &&
-            d->peerCertificateChain.count() == 0 &&
+            d->peerCertificateChain.size() == 0 &&
             d->backendConfig.isEmpty() &&
             d->sslOptions == QSslConfigurationPrivate::defaultSslOptions &&
             d->sslSession.isNull() &&
@@ -550,8 +556,6 @@ void QSslConfiguration::setPrivateKey(const QSslKey &key)
     ciphers. You can revert to using the entire set by calling
     setCiphers() with the list returned by supportedCiphers().
 
-    \note This is not currently supported in the Schannel backend.
-
     \sa setCiphers(), supportedCiphers()
 */
 QList<QSslCipher> QSslConfiguration::ciphers() const
@@ -567,8 +571,6 @@ QList<QSslCipher> QSslConfiguration::ciphers() const
     Restricting the cipher suite must be done before the handshake
     phase, where the session cipher is chosen.
 
-    \note This is not currently supported in the Schannel backend.
-
     \sa ciphers(), supportedCiphers()
 */
 void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers)
@@ -581,16 +583,14 @@ void QSslConfiguration::setCiphers(const QList<QSslCipher> &ciphers)
 
     Sets the cryptographic cipher suite for this configuration to \a ciphers,
     which is a colon-separated list of cipher suite names. The ciphers are listed
-    in order of preference, starting with the most preferred cipher. For example:
-
-    \snippet code/src_network_ssl_qsslconfiguration.cpp 1
-
+    in order of preference, starting with the most preferred cipher.
     Each cipher name in \a ciphers must be the name of a cipher in the
     list returned by supportedCiphers().  Restricting the cipher suite
     must be done before the handshake phase, where the session cipher
     is chosen.
 
-    \note This is not currently supported in the Schannel backend.
+    \note With the Schannel backend the order of the ciphers is ignored and Schannel
+          picks the most secure one during the handshake.
 
     \sa ciphers()
 */
@@ -922,7 +922,11 @@ void QSslConfiguration::setPreSharedKeyIdentityHint(const QByteArray &hint)
     Retrieves the current set of Diffie-Hellman parameters.
 
     If no Diffie-Hellman parameters have been set, the QSslConfiguration object
-    defaults to using the 1024-bit MODP group from RFC 2409.
+    defaults to using the 2048-bit MODP group from RFC 3526.
+
+    \note The default parameters may change in future Qt versions.
+    Please check the documentation of the \e{exact Qt version} that you
+    are using in order to know what defaults that version uses.
  */
 QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
 {
@@ -936,7 +940,14 @@ QSslDiffieHellmanParameters QSslConfiguration::diffieHellmanParameters() const
     a server to \a dhparams.
 
     If no Diffie-Hellman parameters have been set, the QSslConfiguration object
-    defaults to using the 1024-bit MODP group from RFC 2409.
+    defaults to using the 2048-bit MODP group from RFC 3526.
+
+    Since 6.7 you can provide an empty Diffie-Hellman parameter to use auto selection
+    (see SSL_CTX_set_dh_auto of openssl) if the tls backend supports it.
+
+    \note The default parameters may change in future Qt versions.
+    Please check the documentation of the \e{exact Qt version} that you
+    are using in order to know what defaults that version uses.
  */
 void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams)
 {
@@ -1098,7 +1109,7 @@ void QSslConfiguration::setDefaultConfiguration(const QSslConfiguration &configu
     QSslConfigurationPrivate::setDefaultConfiguration(configuration);
 }
 
-#if QT_CONFIG(dtls) || defined(Q_CLANG_QDOC)
+#if QT_CONFIG(dtls) || defined(Q_QDOC)
 
 /*!
   This function returns true if DTLS cookie verification was enabled on a