1 files changed, 9 insertions, 26 deletions

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 19848a73f0..436588afc5 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -344,6 +344,9 @@ long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, Q
         options |= SSL_OP_NO_COMPRESSION;
 #endif
 
+    if (!(sslOptions & QSsl::SslOptionDisableServerCipherPreference))
+        options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+
     return options;
 }
 
@@ -491,30 +494,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
 
         // Initialize OpenSSL's random seed.
         if (!q_RAND_status()) {
-            struct {
-                int msec;
-                int sec;
-                void *stack;
-            } randomish;
-
-            int attempts = 500;
-            do {
-                if (attempts < 500) {
-#ifdef Q_OS_UNIX
-                    struct timespec ts = {0, 33333333};
-                    nanosleep(&ts, 0);
-#else
-                    Sleep(3);
-#endif
-                    randomish.msec = attempts;
-                }
-                randomish.stack = (void *)&randomish;
-                randomish.msec = QTime::currentTime().msec();
-                randomish.sec = QTime::currentTime().second();
-                q_RAND_seed((const char *)&randomish, sizeof(randomish));
-            } while (!q_RAND_status() && --attempts);
-            if (!attempts)
-                return false;
+            qWarning("Random number generator not seeded, disabling SSL support");
+            return false;
         }
     }
     return true;
@@ -662,8 +643,10 @@ void QSslSocketPrivate::resetDefaultCiphers()
         if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
             QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
             if (!ciph.isNull()) {
-                // Unconditionally exclude ADH ciphers since they offer no MITM protection
-                if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
+                // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
+                if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
+                    !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
+                    !ciph.name().toLower().startsWith(QLatin1String("aecdh")))
                     ciphers << ciph;
                 if (ciph.usedBits() >= 128)
                     defaultCiphers << ciph;