[Development] QSsl: finer-grained protocol selection
Mikkel Krautz
mikkel at krautz.dk
Fri Jan 16 15:16:46 CET 2015
On Sun, Dec 28, 2014 at 2:26 PM, Thiago Macieira
<thiago.macieira at intel.com> wrote:
> On Sunday 28 December 2014 13:11:13 Richard Moore wrote:
>> At the moment there are still a lot of SSL accelerators out there with
>> these problems. We can probably stop worrying in around a year once all the
>> browsers have got around to disabling SSL3 and thereby forcing things to be
>> fixed. Currently we will already fail to connect to these servers, but the
>> API we provide allows users to implement workarounds in their own code. If
>> we change the meaning of the TLSv1 constant in this way then it would no
>> longer be possible for them to do this.
>
> Ah, I see.
>
> Then we just add to the list:
>
> TlsV1_0OrLater,
> TlsV1_1OrLater,
> TlsV1_2OrLater
>
> When TLS 1.3 comes into existence, we add:
>
> TlsV1_3,
> TlsV1_3OrLater
We'd be fine with either of these proposals.
However, I think this proposal would be less surprising to existing
users of QSslSocket, so it's the one I'd prefer personally.
> Alternatively, we can add a
>
> /// if major == 0, sets to "Secure Protocols"
> void setMinimumTlsVersion(int major, int minor);
> int sessionTlsMajorVersion() const;
> int sessionTlsMinorVersion() const;
>
> And deprecate setProtocol.
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
> Software Architect - Intel Open Source Technology Center
>
> _______________________________________________
> Development mailing list
> Development at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development
More information about the Development
mailing list