[Development] QSsl: finer-grained protocol selection
Thiago Macieira
thiago.macieira at intel.com
Sun Dec 28 14:26:57 CET 2014
On Sunday 28 December 2014 13:11:13 Richard Moore wrote:
> At the moment there are still a lot of SSL accelerators out there with
> these problems. We can probably stop worrying in around a year once all the
> browsers have got around to disabling SSL3 and thereby forcing things to be
> fixed. Currently we will already fail to connect to these servers, but the
> API we provide allows users to implement workarounds in their own code. If
> we change the meaning of the TLSv1 constant in this way then it would no
> longer be possible for them to do this.
Ah, I see.
Then we just add to the list:
TlsV1_0OrLater,
TlsV1_1OrLater,
TlsV1_2OrLater
When TLS 1.3 comes into existence, we add:
TlsV1_3,
TlsV1_3OrLater
Alternatively, we can add a
/// if major == 0, sets to "Secure Protocols"
void setMinimumTlsVersion(int major, int minor);
int sessionTlsMajorVersion() const;
int sessionTlsMinorVersion() const;
And deprecate setProtocol.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list