Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-130391

OpenSSL 3 backend not working with TLS 1.0

    XMLWordPrintable

Details

    • Bug
    • Resolution: Out of scope
    • P2: Important
    • None
    • 6.5.7, 6.8
    • Network: SSL
    • None
    • Android

    Description

      Although highly insecure, some older embedded devices still use TLS 1.0 (``QSsl::TlsV1_0``). The macOS/iOS implementation works fine, but OpenSSL 3.x backends (e.g., used with Android) fail with a "Handshake/unsupported protocol" error.

      OpenSSL (libcrypto, libssl) are configured with these parameters:

      "enable-tls1" "enable-tls1_1" "enable-deprecated" "enable-ssl3" "enable-weak-ssl-ciphers"

      I suspect that the ``SSL_CTX_set_security_level`` has to be set to ``0`` when using ``QSsl::TlsV1_0`` (see https://github.com/openssl/openssl/issues/13299#issuecomment-721955354).

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            tpochep Timur Pocheptsov
            Harald Meyer Harald Meyer
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes