Qt / QTBUG-43168

Need a way to request TLSv1.0+

Details

    • Suggestion
    • Resolution: Done
    • Not Evaluated
    • 5.5.0
    • 5.2.1, 5.3.2
    • Network: SSL
    • None
    • bf3246fdff321b4f07f88c697102c8ef5a7969d0

    Description

      Because of the POODLE attack it is recommended to disable SSLv3 (e.g. see https://disablessl3.com/). Disabling it in the client and server means that a MiTM cannot force the connection to downgrade to a vulnerable protocol.

      However, QSsl::SslProtocol currently only has the option to force a specific TlsV1_x. This is too specific. It would be useful to have a protocol QSsl::AnyTls, or even better, a bit field to disable or enable specific protocols. Something to inject SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2 at the OpenSSL level.
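
The difference between pinning one version, allowing everything, and the requested "TLSv1.0+" floor, as a simplified model added here for illustration (not code from Qt or from the reporter). The `Proto` bit field, `negotiate` and its `blocked` parameter are hypothetical names; `blocked` stands for versions an on-path party keeps from completing, and real handshakes are reduced to "newest version both ends enable".

```python
from enum import IntFlag


class Proto(IntFlag):
    """Hypothetical per-protocol bit field, oldest protocol in the lowest bit."""
    SSLv3 = 1
    TLSv1_0 = 2
    TLSv1_1 = 4
    TLSv1_2 = 8


# Three client policies discussed in the issue.
ANY = Proto.SSLv3 | Proto.TLSv1_0 | Proto.TLSv1_1 | Proto.TLSv1_2
ANY_TLS = ANY & ~Proto.SSLv3      # the requested "TLSv1.0+" (SSLv3 bit cleared)
PINNED_TLS1_0 = Proto.TLSv1_0     # forcing one specific TlsV1_x


def negotiate(client, server, blocked=Proto(0)):
    """Newest protocol enabled on both ends and not blocked in transit.

    Returns None when nothing is left, i.e. the connection fails rather
    than falling back to a protocol the client has disabled.
    """
    usable = int(client) & int(server) & ~int(blocked)
    for proto in sorted(Proto, key=int, reverse=True):
        if int(proto) & usable:
            return proto
    return None


def scenarios():
    """Outcome of each client policy against a server that still enables SSLv3."""
    legacy_server = ANY
    tls12_only_server = Proto.TLSv1_2
    return {
        # With SSLv3 enabled, blocking every TLS version leaves SSLv3.
        "any, TLS blocked": negotiate(ANY, legacy_server, blocked=ANY_TLS),
        # With the floor, the same interference fails the connection.
        "floor, TLS blocked": negotiate(ANY_TLS, legacy_server, blocked=ANY_TLS),
        # The floor still picks the newest version when nothing interferes.
        "floor, clean path": negotiate(ANY_TLS, legacy_server),
        # Pinning is too specific: stuck on 1.0, or no connection at all.
        "pinned, clean path": negotiate(PINNED_TLS1_0, legacy_server),
        "pinned, 1.2-only server": negotiate(PINNED_TLS1_0, tls12_only_server),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} -> {result.name if result else 'no connection'}")
```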

            People

              richmoore Richard Moore (qtnetwork)
              wumpus Wladimir J. van der Laan