[Qt-interest] QSslSocket - how to enable only SslV3 and TlsV1 support
Darren Lissimore
darren.lissimore at gmail.com
Wed Jul 14 21:29:23 CEST 2010
Hi All;
I would like to know if it's possible to get a QSslSocket to use
either SslV3 or TlsV1 and not SslV2.
Right now you can use the Qssl::AnyProtocol - which when using the
OpenSSL backend permits all three protocols.
With SslV2 being a security risk, I would like to remove the SslV2 support.
Using OpenSSL I would use the SSL_OP_NO_SSLv2 with either the
SSL_CTX_set_options() or SSL_set_options() functions.
Both of these require access to the CTX. Ergo my question;
Is there a clean way to prevent a QSslSocket from using SslV2 - yet
permit it to use the other 2?
I was thinking of trying to hack another entry into the
QSsl::SslProtocol for NotSslV2
and then trying to surface that functionality in the backend classes
... unless someone has a brighter idea.
The ability to lockout SslV2 use should be a priority due to the security risk.
Has any work been done on this already ?
Thanks;
Darren
-----------------------------------------------------------
D. Lissimore Cell: 250-619-4039
http://www.darrenlissimore.com
Skype: darrenlissimore
-----------------------------------------------------------
More information about the Qt-interest-old
mailing list