[Interest] Qt5 and libressl

René J.V. Bertin rjvbertin at gmail.com
Sat Nov 14 09:20:23 CET 2015


On Saturday November 14 2015 01:49:16 Allan Sandfeld Jensen wrote:

>> A question that came up in a parallel discussion: why does Qt still support
>> SSL2 and SSL3, or why aren't the respective OPENSSL_NO_SSL* tokens defined
>> by default?
>> 
>Because those are defined by OpenSSL and not Qt? If you use an OpenSSL where 

OK, that explains why I couldn't find any trace of defining OPENSSL_NO_SSL* in Qt's code.

>they are not defined Qt will still not use SSL2 or SSL3 by default unless you 

Yes, I saw that. What can be confusing is when you run a Qt with libraries built on a host where the methods are available but deployed on a host where they are not. You get a warning about missing methods which originates from the RESOLVE_FUNCTION macro, but apparently can be ambiguous.

>force it. If you build with OpenSSL without (which is the most common), you 
>can't even force Qt to use it, but it still doesn't change the default.

Still, the actual question was not about those tokens but the fact SSL2 and SSL3 support could still be built in, because (quoting in my own words) "it's been 20 years we know that no software should still be using those".
I'm not a security expert but the answer interests me.

R.


