Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-12338

Enhance QSsl::Protocol enumeration to enable selection of SslV3 and TlsV1 - leaving SslV2 out

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Done
    • P2: Important
    • 4.8.0
    • 4.6.3
    • Network: SSL
    • None

    • Tested on OpenSuSE 11.2 - using Qt 4.6.3

    • b2c8421ff95ad62cbd67843ad5cd3edf72ecda31

    Description

      With the insecurities in SslV2 it would be handy to be able to select to not use it but instead use SslV3 or TlsV1.

      What I propose is adding a NoSslV2 element to the QSsl::Protocol enumeration so someone can set the protocol on a QSslSocket to use the secure protocols.
      This is possible using the openssl option for setting the SSL_OP_NO_SSLv2.

      I have attached a patch that appears to do the job in the testing that I have done.
      The patch touches
      src/network/ssl/qssl.h to add the enum element
      src/network/ssl/qsslsocket_openssl.cpp to set the ssl CTX option if the NoSslV2 is desired.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. QTBUG-15220 Disable SSLv2 support

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              phartman Peter Hartmann (closed Nokia identity) (Inactive)
              dlissimore Darren Lissimore
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes