diff options
Diffstat (limited to 'src/network/ssl/qsslsocket_openssl.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 35 |
1 files changed, 9 insertions, 26 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 19848a73f0..436588afc5 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -344,6 +344,9 @@ long QSslSocketBackendPrivate::setupOpenSslOptions(QSsl::SslProtocol protocol, Q options |= SSL_OP_NO_COMPRESSION; #endif + if (!(sslOptions & QSsl::SslOptionDisableServerCipherPreference)) + options |= SSL_OP_CIPHER_SERVER_PREFERENCE; + return options; } @@ -491,30 +494,8 @@ bool QSslSocketPrivate::ensureLibraryLoaded() // Initialize OpenSSL's random seed. if (!q_RAND_status()) { - struct { - int msec; - int sec; - void *stack; - } randomish; - - int attempts = 500; - do { - if (attempts < 500) { -#ifdef Q_OS_UNIX - struct timespec ts = {0, 33333333}; - nanosleep(&ts, 0); -#else - Sleep(3); -#endif - randomish.msec = attempts; - } - randomish.stack = (void *)&randomish; - randomish.msec = QTime::currentTime().msec(); - randomish.sec = QTime::currentTime().second(); - q_RAND_seed((const char *)&randomish, sizeof(randomish)); - } while (!q_RAND_status() && --attempts); - if (!attempts) - return false; + qWarning("Random number generator not seeded, disabling SSL support"); + return false; } } return true; @@ -662,8 +643,10 @@ void QSslSocketPrivate::resetDefaultCiphers() if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); if (!ciph.isNull()) { - // Unconditionally exclude ADH ciphers since they offer no MITM protection - if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) + // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection + if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && + !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && + !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) ciphers << ciph; if (ciph.usedBits() >= 128) defaultCiphers << ciph; |