[Qt-interest] QSslSocket - how to enable only SslV3 and TlsV1 support

Jason H scorp1us at yahoo.com
Thu Jul 15 00:01:14 CEST 2010


This definitely would be handy... Thus far, I accept Any, but check it and drop 
it if it is SslV2.




----- Original Message ----
From: Darren Lissimore <darren.lissimore at gmail.com>
To: "qt-interest at trolltech.com" <qt-interest at trolltech.com>
Sent: Wed, July 14, 2010 3:29:23 PM
Subject: [Qt-interest] QSslSocket - how to enable only SslV3 and TlsV1 support

Hi All;

I would like to know if it's possible to get a QSslSocket to use
either SslV3 or TlsV1 and not SslV2.
Right now you can use the QSsl::AnyProtocol - which when using the
OpenSSL backend permits all three protocols.
With SslV2 being a security risk, I would like to remove the SslV2 support.

Using OpenSSL I would use the SSL_OP_NO_SSLv2 with either the
SSL_CTX_set_options() or SSL_set_options() functions.
Both of these require access to the CTX.  Ergo my question;

Is there a clean way to prevent a QSslSocket from using SslV2 - yet
permit it to use the other 2?

I was thinking of trying to hack another entry into the
QSsl::SslProtocol for  NotSslV2
and then trying to surface that functionality in the backend classes
...  unless someone has a brighter idea.

The ability to lock out SslV2 use should be a priority due to the security risk.
Has any work been done on this already?

Thanks;

Darren
-----------------------------------------------------------
D. Lissimore             Cell: 250-619-4039
http://www.darrenlissimore.com
Skype: darrenlissimore
-----------------------------------------------------------
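
The "accept, check, drop if SslV2" policy from this thread can also be applied on the wire, before the socket is handed to the SSL library. The following is an added example, not code from the thread, Qt or OpenSSL; it assumes the application can peek at the first bytes the client sends, and the function names, the sample byte arrays and the choice to refuse non-TLS input are all constructed for illustration.

```cpp
// Added example: classify a ClientHello from its first bytes (no Qt/OpenSSL needed).
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class Hello { NeedMoreData, NotTls, SslV2Only, V2CompatSslV3OrTls, SslV3, TlsV1OrLater };

// buf/len: bytes peeked from the connection by a hypothetical caller.
Hello classifyClientHello(const std::uint8_t *buf, std::size_t len)
{
    if (len < 5) return Hello::NeedMoreData;
    // SSLv3/TLS record: type 0x16 (handshake), record version 3.x, 2-byte length.
    if (buf[0] == 0x16 && buf[1] == 0x03) {
        if (len < 11) return Hello::NeedMoreData;
        if (buf[5] != 0x01) return Hello::NotTls;   // handshake type must be ClientHello
        if (buf[9] != 0x03) return Hello::NotTls;   // client_version follows the 4-byte header
        return buf[10] == 0x00 ? Hello::SslV3 : Hello::TlsV1OrLater;
    }
    // SSLv2 record: high bit set on a 2-byte length, then message type 1 (CLIENT-HELLO).
    if ((buf[0] & 0x80) && buf[2] == 0x01) {
        const unsigned version = (buf[3] << 8) | buf[4];
        if (version == 0x0002) return Hello::SslV2Only;           // client offers SSLv2 only
        if (version >= 0x0300) return Hello::V2CompatSslV3OrTls;  // v2 framing, offers 3.x
    }
    return Hello::NotTls;
}

// Policy from the thread: permit SSLv3 and TLSv1, refuse SSLv2.
// Refusing NotTls as well is an assumption of this example; NeedMoreData means "read more".
bool shouldDrop(Hello h)
{
    return h == Hello::SslV2Only || h == Hello::NotTls;
}

// Constructed sample inputs (first 11 bytes only; not captured traffic).
const std::uint8_t kV2Only[]   = {0x80, 0x2e, 0x01, 0x00, 0x02, 0x00, 0x15, 0x00, 0x00, 0x00, 0x10};
const std::uint8_t kV2Compat[] = {0x80, 0x4c, 0x01, 0x03, 0x01, 0x00, 0x33, 0x00, 0x00, 0x00, 0x10};
const std::uint8_t kSslV3[]    = {0x16, 0x03, 0x00, 0x00, 0x51, 0x01, 0x00, 0x00, 0x4d, 0x03, 0x00};
const std::uint8_t kTlsV1[]    = {0x16, 0x03, 0x01, 0x00, 0x51, 0x01, 0x00, 0x00, 0x4d, 0x03, 0x01};

int main()
{
    const struct { const char *name; const std::uint8_t *p; std::size_t n; } samples[] = {
        {"SSLv2-only", kV2Only, sizeof kV2Only}, {"v2-compat TLSv1", kV2Compat, sizeof kV2Compat},
        {"SSLv3", kSslV3, sizeof kSslV3}, {"TLSv1", kTlsV1, sizeof kTlsV1}};
    for (const auto &s : samples)
        std::printf("%-16s drop=%d\n", s.name, shouldDrop(classifyClientHello(s.p, s.n)));
}
```

A hello in SSLv2 framing is not refused outright here, because a client can use that framing while offering SSLv3 or TLSv1; only the hello whose version field is 0x0002 is SSLv2-only.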
