-
Bug
-
Resolution: Done
-
P1: Critical
-
5.9.2
-
None
-
macOS
-
55f8d7dfe5589f85b0fa8a0705b1821f69b2cb34 9c765522d1c4f8090b5f5d391b1740fc4bd67664
TL;DR: Server-side QSslSocket with protocol set to QSsl::TlsV1_0OrLater failes with handshake while with QSsl::TlsV1_2 works correctly. This issue seems to be macOS only.
I have QSslSocket based HTTPS Web server, where every incomming connection is wrapped into QSslSocket like this:
QSslSocket *socket = new QSslSocket;
socket->setProtocol(QSsl::SecureTlsV1_2);
...
if (!socket->setSocketDescriptor(socketDescriptor)) {
...
}
socket->startServerEncryption();
When I access this server with curl, everythings works correctly. If I change socket protocol to QSsl::TlsV1_0OrLater, the SSL handshake fails emitting error signal with SslHandshakeFailedError
Placing breakpoint at QSslSocketBackendPrivate::startHandshake() and doing small debug round-trip I can see that bool QSslSocketBackendPrivate::verifySessionProtocol() const returns false as it imho doesn't handle the QSsl::TlsV*OrLater variants of protocol enum correctly.
| For Gerrit Dashboard: QTBUG-64319 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 210750,2 | qsslsocket_mac: handle 'OrLater' SslProtocols in verifySessionProtocol() | 5.9 | qt/qtbase | Status: ABANDONED | 0 | 0 |