[Development] SSL Plans for Qt 5.6

Richard Moore rich at kde.org
Sun Feb 22 18:57:13 CET 2015


On 22 February 2015 at 17:50, Jeremy Lainé <jeremy.laine at m4x.org> wrote:

>  On 02/22/2015 06:42 PM, Richard Moore wrote:
>
>
>
> On 22 February 2015 at 17:39, Jeremy Lainé <jeremy.laine at m4x.org> wrote:
>
>>
>> Whilst I agree with the goal of dropping support for old / unmaintained
>> OpenSSL versions, in the case of OS X we probably need to map out the
>> transition in more detail - especially what policy to follow for the
>> official binary releases. My main concern is that in Qt 5.5 the
>> SecureTransport backend is available on OS X, but as far as I know we
>> are still aiming for OpenSSL-based binaries. This means that a lot of
>> users will not be exposed to this new backend at all, and then suddenly
>> in Qt 5.6 the old backend will be completely gone, with no way to build
>> it even from source.
>>
>
>  I think you're misunderstanding. Openssl will remain supported, just not
> the outdated 0.9.8 branch apple ship. Users will still be able to make use
> of openssl on mac they'll just have install a newer version. Does this
> change your concerns?
>
>
> I understood what you were saying, I think I just expressed my concerns
> poorly. When I said "now way to build even from source", I meant "no way to
> build support for OpenSSL as shipped by Apple". Anyway, my main concern is
> : how do we encourage OS X users to make use of the new backend, to avoid
> nasty surprises when it because the default backend?
>
>
I see. Okay, well one way to encourage them is that apple don't ship
openssl on iOS, so we'll certainly get some coverage that way. I think
another is that we'll have to ask them to. :-) Note that we already don't
really support 0.9.8 so this isn't actually much of a change. I suspect
many users will already have a newer openssl on their system anyway which
can be used.

Hopefully we'll start getting some feedback on how people are finding the
SecureTransport backend during the betas.



> Slightly off-topic but related : does the Qt Company have any privileged
> access to Apple engineers working on Secure Transport? I would like to
> understand what the plans are regarding support for NPN / ALPN.
>

No idea on that one, but I'd imagine they'll want to support http/2 in
safari at some point.

Cheers

Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20150222/59080b04/attachment.html>


More information about the Development mailing list