[Development] Incorrect TLS Session Verification on macOS with OrLater Options
Jason A. Donenfeld
Jason at zx2c4.com
Sat Jan 28 00:16:04 CET 2017
Hi,
The file src/network/ssl/qsslsocket_mac.cpp contains a nasty bug
preventing the use of setProtocol(QSsl::TlsV1_2OrLater):
bool QSslSocketBackendPrivate::verifySessionProtocol() const
{
bool protocolOk = false;
if (configuration.protocol == QSsl::AnyProtocol)
protocolOk = true;
else if (configuration.protocol == QSsl::TlsV1SslV3)
protocolOk = (sessionProtocol() >= QSsl::SslV3);
else if (configuration.protocol == QSsl::SecureProtocols)
protocolOk = (sessionProtocol() >= QSsl::TlsV1_0);
else
protocolOk = (sessionProtocol() == configuration.protocol);
return protocolOk;
}
In the else clause, it checks for equality between sessionProtocol()
and the configuration protocol. If the configuration protocol is
*OrLater, this will always be false, and so verification will never
succeed. And indeed, sessionProtocol() never returns an OrLater
response:
switch (protocol) {
case kSSLProtocol2:
return QSsl::SslV2;
case kSSLProtocol3:
return QSsl::SslV3;
case kTLSProtocol1:
return QSsl::TlsV1_0;
case kTLSProtocol11:
return QSsl::TlsV1_1;
case kTLSProtocol12:
return QSsl::TlsV1_2;
default:
return QSsl::UnknownProtocol;
}
The solution is to properly match the OrLaters and use the usual >= comparison.
A current workaround is to hard code the SSL version and not use an
OrLater, which is a bummer. Please fix and backport to LTS.
Thanks,
Jason
More information about the Development
mailing list