Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-82876

[Windows]: Switch default builds to use Secure Channel for SSL sockets

    XMLWordPrintable

Details

    • User Story
    • Resolution: Done
    • P2: Important
    • 6.2
    • 6.1
    • Network: SSL
    • None
    • Windows
    • 5

    Description

      Switch the default builds to use -schannel configure flag, instead of relying on openssl.

      This would allow users of the default Qt builds that need basic SSL/TLS functionality - like Qt Creator - to not ship OpenSSL libraries.

      This would have following advantages

      • Less issues with packaging
      • Less need to follow up upstream releases for security issues
      • No need to separately declare OpenSSL in export classification documents etc

       

      Anyhow, there are also some loss in functionality (quoting from https://bugreports.qt.io/browse/QTBUG-62637?focusedCommentId=471900):

      • PSK support is not available (documentation from Microsoft is lacking and it seems to be a binary choice (i.e. you either have to use PSK for the connection or PSK is completely unavailable)).
      • TLS 1.3 is not available (there's an enum value for it, but it errors out if you use it).
      • ALPN / HTTP2 is only available for windows 8.1 and up but not available if you compile with MinGW because it doesn't have all the necessary things available.
      • DTLS support is not implemented (can be done, but hasn't been a priority outside of having it work for openssl)
      • Specifying ciphers is not available.
      • this issue

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              tpochep Timur Pocheptsov
              kkohne Kai Köhne
              Vladimir Minenko Vladimir Minenko
              Alex Blasche Alex Blasche
              Votes:
              4 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes