Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-26866

Support explicit use of TLS 1.1 and 1.2

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Done
    • P2: Important
    • 5.0.0
    • 5.0.0
    • Network: SSL
    • None
    • 92ce431d06e0b53ee5de2aeb67435e73c8bff681

    Description

      OpenSSL supports TLS 1.1 and 1.2 since version 1.0.1 (the default on Ubuntu 12.04), and Qt seems to use TLS 1.1 by default (since the various OpenSSL methods include support for high protocols than the one you specify).

      I have a situation where I need to use TLS 1.2 and I need to guarantee that my client will never use a lower SSL version, so I need a QSsl::TlsV1_2 enum, and support for it.

      A patch is included, plus a patch to the QtTestBrowser in WebKit which I used to test it (if you're interested).

      There are two things I still need to figure out:

      • Are any other changes required to fully support TLS 1.2? This patch works but I'm going to do a little more research to make sure I'm not missing anything.
      • What should we do when TLS 1.1 and 1.2 aren't available (OpenSSL < 1.0.1)? It won't break the build, but SSL connections will fail when they try to resolve the function.

      Anyway, let me know if you need me to do anything else to get this in.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            richmoore Richard Moore (qtnetwork)
            brendanlong Brendan Long
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes