[Development] Incorrect TLS Session Verification on macOS with OrLater Options

Jason A. Donenfeld Jason at zx2c4.com
Sat Jan 28 00:16:04 CET 2017


The file src/network/ssl/qsslsocket_mac.cpp contains a nasty bug
preventing the use of setProtocol(QSsl::TlsV1_2OrLater):

bool QSslSocketBackendPrivate::verifySessionProtocol() const
   bool protocolOk = false;
   if (configuration.protocol == QSsl::AnyProtocol)
       protocolOk = true;
   else if (configuration.protocol == QSsl::TlsV1SslV3)
       protocolOk = (sessionProtocol() >= QSsl::SslV3);
   else if (configuration.protocol == QSsl::SecureProtocols)
       protocolOk = (sessionProtocol() >= QSsl::TlsV1_0);
       protocolOk = (sessionProtocol() == configuration.protocol);

   return protocolOk;

In the else clause, it checks for equality between sessionProtocol()
and the configuration protocol. If the configuration protocol is
*OrLater, this will always be false, and so verification will never
succeed. And indeed, sessionProtocol() never returns an OrLater

    switch (protocol) {
   case kSSLProtocol2:
       return QSsl::SslV2;
   case kSSLProtocol3:
       return QSsl::SslV3;
   case kTLSProtocol1:
       return QSsl::TlsV1_0;
   case kTLSProtocol11:
       return QSsl::TlsV1_1;
   case kTLSProtocol12:
       return QSsl::TlsV1_2;
       return QSsl::UnknownProtocol;

The solution is to properly match the OrLaters and use the usual >= comparison.

A current workaround is to hard code the SSL version and not use an
OrLater, which is a bummer. Please fix and backport to LTS.


More information about the Development mailing list