[Development] QSsl: finer-grained protocol selection

Thiago Macieira thiago.macieira at intel.com
Sun Dec 28 14:26:57 CET 2014


On Sunday 28 December 2014 13:11:13 Richard Moore wrote:
> At the moment there are still a lot of SSL accelerators out there with
> these problems. We can probably stop worrying in around a year once all the
> browsers have got around to disabling SSL3 and thereby forcing things to be
> fixed. Currently we will already fail to connect to these servers, but the
> API we provide allows users to implement workarounds in their own code. If
> we change the meaning of the TLSv1 constant in this way then it would no
> longer be possible for them to do this.

Ah, I see.

Then we just add to the list:

	TlsV1_0OrLater,
	TlsV1_1OrLater,
	TlsV1_2OrLater

When TLS 1.3 comes into existence, we add:

	TlsV1_3,
	TlsV1_3OrLater

Alternatively, we can add a 

	/// if major == 0, sets to "Secure Protocols"
	void setMinimumTlsVersion(int major, int minor);
	int sessionTlsMajorVersion() const;
	int sessionTlsMinorVersion() const;

And deprecate setProtocol.
-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center




More information about the Development mailing list