[Development] Support for custom Diffie-Hellman parameters in QSslSocket
mikkel at krautz.dk
Tue May 26 12:11:46 CEST 2015
Sorry for the clash of work -- I had this sketch done on Saturday, and
thought I would have more time during the weekend to hack on it.
However that turned out not to be the case, so I threw this out here.
I'll strive to be more communicative in the future. :-)

WRT tests and docs: I'm aware that they're lacking, this was mainly a
sketch of the API.

I will upload it as-is to Gerrit and get back to you, so I can get
people's comments early.

On Tue, May 26, 2015 at 11:34 AM, Richard Moore <rich at kde.org> wrote:
> Hi Mikkel,
>
> Please could you upload your change to gerrit so I can review it properly? I
> was actually implementing this yesterday, but since you've got it done I'll
> abandon my change. If you add me as the reviewer then I'll add the other
> relevant people. The change seems mainly okay, but there are a few minor
> things need fixing (some incorrect \since statements, missing autotest
>
> On 25 May 2015 at 23:16, Mikkel Krautz <mikkel at krautz.dk> wrote:
>> I've been working on adding the ability to set custom DH parameters
>> for QSslSocket and I want to start discussing an API for the feature,
>> rather than jumping directly to a code review.
>>
>> I have a preliminary patch that adds a sketch of the API I'm envisioning:
>> (It's untested, but it builds...)
>>
>> Basically, what I'm envisioning is
>>
>> - An opaque (for the user) QSslDiffieHellmanParameters class.
>> - It loads DH parameters either as PEM or DER via a constructor that
>> takes a QByteArray or a QIODevice (like QSslKey).
>> - After loading, isNull() can be used to check if the DH parameters
>> were loaded, and were valid (OpenSSL backend uses DH_check -- not sure
>> what should be done on SecureTransport, if anything?).
>> - Internally, the QSslDiffieHellmanParameters object stores a
>> DER-encoded version of the parameters. (This makes it easily loadable
>> in both OpenSSL and SecureTransport)
>> - A public QSslConfiguration::setDiffieHellmanParameters() to set the
>> DH parameters.
>> - A public (but not in the public headers)
>> QSslConfiguration::diffieHellmanParameters() for internal use by the
>> - QSslDiffieHellmanParametersPrivate will befriend QSslContext (for
>> OpenSSL) and an equivalent for SecureTransport to allow the
>> implementations to access the DER encoded data of the
>>
>> I did a cursory web search for the ability to set DH parameters for
>> WinRT listeners, but I don't think that's possible -- so I haven't
>> considered that, for now...
>>
>> Let me know what you think.
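
Added example, not part of the thread and not Qt or OpenSSL code: a backend-independent sketch of the load-and-validate step the proposal describes (PEM or DER in, DER kept, then checks of the kind DH_check performs: p prime, p a safe prime, generator in range). The function names, the min_bits policy value and the toy sample are assumptions made for illustration.

```python
import base64, re, secrets

# Constructed toy sample (p=2039, g=2), far too small for real use.
SAMPLE_PEM = b"-----BEGIN DH PARAMETERS-----\nMAcCAgf3AgEC\n-----END DH PARAMETERS-----\n"

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2             # random base in [2, n-2]
        seq = [pow(a, d << r, n) for r in range(s)]  # a^d, a^(2d), ..., a^(2^(s-1) d)
        if seq[0] != 1 and n - 1 not in seq:
            return False                             # a is a witness: n is composite
    return True

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(data):
    """Accept PEM or DER (SEQUENCE { prime INTEGER, base INTEGER }); return (p, g, der)."""
    m = re.search(rb"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", data, re.S)
    der = base64.b64decode(m.group(1)) if m else data
    tag, seq, end = read_tlv(der, 0)
    t1, p, pos = read_tlv(seq, 0)
    t2, g, _ = read_tlv(seq, pos)
    if (tag, t1, t2) != (0x30, 0x02, 0x02) or end != len(der):
        raise ValueError("not a DH parameters SEQUENCE")
    return int.from_bytes(p, "big"), int.from_bytes(g, "big"), der

def check_dh_params(p, g, min_bits=2048):
    """Return the failed checks (empty list = acceptable). min_bits is an assumed policy."""
    tests = [
        (p.bit_length() >= min_bits, "p too short"),
        (is_probable_prime(p), "p not prime"),
        (is_probable_prime((p - 1) // 2), "p not a safe prime"),
        (1 < g < p - 1, "g out of range"),
    ]
    return [msg for ok, msg in tests if not ok]
```

A loader built on this would treat any exception from parse_dh_params (ValueError or IndexError on malformed input) or a non-empty result from check_dh_params as the "null" state.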