[Development] Support for custom Diffie-Hellman parameters in QSslSocket

Mikkel Krautz mikkel at krautz.dk
Tue May 26 00:16:50 CEST 2015


I've been working on adding the ability to set custom DH parameters
for QSslSocket and I want to start discussing an API for the feature,
rather than jumping directly to a code review.

I have a preliminary patch that adds a sketch of the API I'm envisioning:
(It's untested, but it builds...)

Basically, what I'm envisioning is

 - An opaque (for the user) QSslDiffieHellmanParameters class.
 - It loads DH parameters either as PEM or DER via a constructor that
takes a QByteArray or a QIODevice (like QSslKey).
 - After loading, isNull() can be used to check if the DH parameters
were loaded, and were valid (OpenSSL backend uses DH_check -- not sure
what should be done on SecureTransport, if anything?).
 - Internally, the QSslDiffieHellmanParameters object stores a
DER-encoded version of the parameters. (This makes it easily loadable
in both OpenSSL and SecureTransport)
 - A public QSslConfiguration::setDiffieHellmanParameters() to set the
DH parameters.
 - A public (but not in the public headers)
QSslConfiguration::diffieHellmanParameters() for internal use by the
 - QSslDiffieHellmanParametersPrivate will befriend QSslContext (for
OpenSSL) and an equivalent for SecureTransport to allow the
implementations to access the DER encoded data of the

I did a cursory web search for the ability to set DH parameters for
WinRT listeners, but I don't think that's possible -- so I haven't
considered that, for now...

Let me know what you think.
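
Added example, not part of the original message or of Qt's code: a Python sketch of load-time validation for DER-encoded DH parameters, the form the proposal stores internally. The checks chosen here (prime modulus, safe prime, generator in range) are an assumption about what a validity check behind isNull() could cover, not a reproduction of OpenSSL's DH_check; all function names and the toy sample are constructed for illustration.

```python
import random

def read_tlv(buf, pos, tag):
    """Read one DER element; reject wrong tags, bad length forms and truncation."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (needed for real key sizes)
        n = length & 0x7F
        if not 0 < n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated")
    return buf[pos:pos + length], pos + length

def is_probable_prime(n, rounds=40):
    """Miller-Rabin: n passes base a if a^d == 1 or a^(d*2^r) == -1 (mod n)."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x != 1 and n - 1 not in [pow(x, 2 ** r, n) for r in range(s)]:
            return False
    return True

def check_dh_params(der):
    """Return a list of problems; an empty list means the parameters look usable."""
    try:
        seq, end = read_tlv(der, 0, 0x30)       # DHParameter ::= SEQUENCE {
        if end != len(der):
            raise ValueError("trailing data")
        p_raw, pos = read_tlv(seq, 0, 0x02)     #   prime INTEGER,
        g_raw, _ = read_tlv(seq, pos, 0x02)     #   base  INTEGER, ... }
    except ValueError as exc:
        return ["malformed: %s" % exc]
    p, g = (int.from_bytes(b, "big", signed=True) for b in (p_raw, g_raw))
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    elif not is_probable_prime((p - 1) // 2):
        problems.append("p is not a safe prime")
    if not 1 < g < p - 1:
        problems.append("g is out of range")
    return problems

TOY_DER = bytes.fromhex("3006020117020105")  # constructed sample: p=23, g=5 (toy size only)
```

A caller would treat any non-empty result as "parameters not loaded", which is the state the proposal exposes through isNull().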

