Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-43168

Need a way to request TLSv1.0+

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Done
    • Icon: Not Evaluated Not Evaluated
    • 5.5.0
    • 5.2.1, 5.3.2
    • Network: SSL
    • None
    • bf3246fdff321b4f07f88c697102c8ef5a7969d0

      Because of the POODLE attack it is recommended to disable SSLv3 (eg see https://disablessl3.com/ ). Disabling it in the client and server means that a MiTM cannot force to downgrade the connection to a vulnerable protocol.

      However, QSsl::SslProtocol currently only has the option to force a specific TlsV1_x. This is too specific. It would be useful to have a protocol QSsl::AnyTls, or even better, a bit field to disable or enable specific protocols. Something to inject SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2 at the OpenSSL level.

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            richmoore Richard Moore (qtnetwork)
            wumpus Wladimir J. van der Laan
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes