[Development] QSsl: finer-grained protocol selection

Richard Moore rich at kde.org
Sat Dec 27 11:52:41 CET 2014


On 26 December 2014 at 21:12, Thiago Macieira <thiago.macieira at intel.com>
wrote:

> I don't think we need fine-grained detection, but we do need something better
> than what we have right now.
>
> My suggestion is to set a level. For example, if you set to TlsV10, then you
> get TLS v1.0 and anything newer, existing today or not, and disable anything
> older. The client will negotiate the highest version at connection time. The
> only reason to disable newer versions is when the server is buggy, but the
> application should not have to care about that. That's OpenSSL's job.

Hmm, if you set TLS 1.0 you really need to only negotiate TLS 1.0. If not,
then if you're connecting to old servers, the TLS extensions will lead the
connection to hang. Perhaps what we want is a minimum and maximum version
(though this doesn't map very well to the underlying OpenSSL API).

Cheers

Rich.
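
Added example, not part of the original message and not Qt's or OpenSSL's code: a sketch of why a minimum/maximum pair and a per-version disable mask (the style of OpenSSL's `SSL_OP_NO_*` options) do not map one-to-one. The `Proto` enum, `noBit` and both function names are hypothetical, and the flag bits are constructed stand-ins rather than OpenSSL's real values.

```cpp
#include <cstdint>
#include <stdexcept>

// Protocol versions in ascending order (illustrative, not QSsl::SslProtocol).
enum Proto { SslV3 = 0, TlsV1_0, TlsV1_1, TlsV1_2, ProtoCount };

// One "disable this version" bit per protocol (constructed stand-in values).
inline uint32_t noBit(int p) { return 1u << p; }
const uint32_t AllDisabled = (1u << ProtoCount) - 1;

// Range -> mask: disable everything older than minV and newer than maxV.
// A "level" is minV with maxV left at the newest version; pinning to
// exactly one version is minV == maxV.
uint32_t rangeToDisableMask(Proto minV, Proto maxV)
{
    if (minV > maxV)
        throw std::invalid_argument("minimum version is newer than maximum");
    uint32_t mask = 0;
    for (int p = 0; p < ProtoCount; ++p)
        if (p < minV || p > maxV)
            mask |= noBit(p);
    return mask;
}

// Mask -> range: only possible when the enabled versions are contiguous.
// A mask can describe sets with holes that no (min, max) pair can express.
bool disableMaskToRange(uint32_t mask, Proto &minV, Proto &maxV)
{
    if ((mask & AllDisabled) == AllDisabled)
        return false;                 // nothing left enabled
    int lo = -1, hi = -1;
    for (int p = 0; p < ProtoCount; ++p) {
        if (mask & noBit(p))
            continue;                 // this version is disabled
        if (lo < 0)
            lo = p;
        else if (p != hi + 1)
            return false;             // hole between enabled versions
        hi = p;
    }
    minV = static_cast<Proto>(lo);
    maxV = static_cast<Proto>(hi);
    return true;
}
```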