[Development] QSsl: finer-grained protocol selection

Richard Moore rich at kde.org
Mon Dec 29 16:30:29 CET 2014


On 28 December 2014 at 13:26, Thiago Macieira <thiago.macieira at intel.com>
wrote:

> On Sunday 28 December 2014 13:11:13 Richard Moore wrote:
> > At the moment there are still a lot of SSL accelerators out there with
> > these problems. We can probably stop worrying in around a year once all the
> > browsers have got around to disabling SSL3 and thereby forcing things to be
> > fixed. Currently we will already fail to connect to these servers, but the
> > API we provide allows users to implement workarounds in their own code. If
> > we change the meaning of the TLSv1 constant in this way then it would no
> > longer be possible for them to do this.
>
> Ah, I see.
>
> Then we just add to the list:
>
>         TlsV1_0OrLater,
>         TlsV1_1OrLater,
>         TlsV1_2OrLater
>
> When TLS 1.3 comes into existence, we add:
>
>         TlsV1_3,
>         TlsV1_3OrLater
>
>
I think this is probably the way to go. It's certainly the easiest to
implement with the OpenSSL backend.


> Alternatively, we can add a
>
>         /// if major == 0, sets to "Secure Protocols"
>         void setMinimumTlsVersion(int major, int minor);
>         int sessionTlsMajorVersion() const;
>         int sessionTlsMinorVersion() const;
>
> And deprecate setProtocol.
>

I'd also be okay with this.

Cheers

Rich.
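
The difference between the exact-version constants and the proposed `OrLater` constants, as an added example that is not part of the original message and is not Qt or OpenSSL code. The `Protocol` enum reuses the names from the thread; the `Version` enum, the bit layout and the functions `enabledMask`, `disabledMask` and `negotiate` are a constructed model that assumes TLS 1.2 is the highest version available.

```cpp
#include <cstdint>

// Constructed model: protocol versions in ascending order.
enum Version : unsigned { Ssl3 = 0, Tls1_0, Tls1_1, Tls1_2, VersionCount };

// Hypothetical selection enum using the names proposed in the thread.
enum class Protocol { TlsV1_0, TlsV1_1, TlsV1_2,
                      TlsV1_0OrLater, TlsV1_1OrLater, TlsV1_2OrLater };

constexpr std::uint32_t bit(unsigned v) { return 1u << v; }

// Bitmask of versions the client may offer for a given selection.
// Exact constants pin one version; OrLater constants set only a floor.
std::uint32_t enabledMask(Protocol p) {
    unsigned lo = Tls1_0, hi = Tls1_2;
    switch (p) {
    case Protocol::TlsV1_0:        lo = hi = Tls1_0; break;
    case Protocol::TlsV1_1:        lo = hi = Tls1_1; break;
    case Protocol::TlsV1_2:        lo = hi = Tls1_2; break;
    case Protocol::TlsV1_0OrLater: lo = Tls1_0; break;
    case Protocol::TlsV1_1OrLater: lo = Tls1_1; break;
    case Protocol::TlsV1_2OrLater: lo = Tls1_2; break;
    }
    std::uint32_t mask = 0;
    for (unsigned v = lo; v <= hi; ++v) mask |= bit(v);
    return mask;
}

// One "disable" bit per version, in the style of OpenSSL's SSL_OP_NO_* options:
// every version outside the enabled range is switched off.
std::uint32_t disabledMask(Protocol p) {
    return ~enabledMask(p) & (bit(VersionCount) - 1);
}

// Highest version allowed by both sides, or -1 when there is no overlap.
int negotiate(Protocol client, std::uint32_t peerMask) {
    std::uint32_t common = enabledMask(client) & peerMask;
    for (int v = VersionCount - 1; v >= 0; --v)
        if (common & bit(static_cast<unsigned>(v))) return v;
    return -1;
}
```

Keeping `TlsV1_0` as an exact pin next to `TlsV1_0OrLater` is what leaves application code able to force a single version, which is the workaround the quoted message wants to preserve.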