QSslSocket: add TLS 1.1 and TLS 1.2 support.

src/network/ssl/qssl.cpp

@@ -104,6 +104,9 @@ QT_BEGIN_NAMESPACE
     \value SslV3 SSLv3
     \value SslV2 SSLv2
     \value TlsV1 TLSv1
+    \value TlsV1_0 TLSv1
+    \value TlsV1_1 TLSv1
+    \value TlsV1_2 TLSv1
     \value UnknownProtocol The cipher's protocol cannot be determined.
     \value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This
     value is used by QSslSocket only.

src/network/ssl/qssl.h

@@ -76,10 +76,15 @@ namespace QSsl {
     enum SslProtocol {
         SslV3,
         SslV2,
-        TlsV1, // ### Qt 5: rename to TlsV1_0 or so
+        TlsV1_0,
+        TlsV1 = TlsV1_0,
         AnyProtocol,
         TlsV1SslV3,
         SecureProtocols,
+
+        TlsV1_1,
+        TlsV1_2,
+
         UnknownProtocol = -1
     };
 

src/network/ssl/qsslsocket_openssl.cpp

@@ -212,7 +212,11 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph
         else if (protoString == QLatin1String("SSLv2"))
             ciph.d->protocol = QSsl::SslV2;
         else if (protoString == QLatin1String("TLSv1"))
-            ciph.d->protocol = QSsl::TlsV1;
+            ciph.d->protocol = QSsl::TlsV1_0;
+        else if (protoString == QLatin1String("TLSv1.1"))
+            ciph.d->protocol = QSsl::TlsV1_1;
+        else if (protoString == QLatin1String("TLSv1.2"))
+            ciph.d->protocol = QSsl::TlsV1_2;
 
         if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
             ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);
@@ -258,7 +262,7 @@ bool QSslSocketBackendPrivate::initSslContext()
 {
     Q_Q(QSslSocket);
 
-    // Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1.
+    // Create and initialize SSL context. Accept SSLv2, SSLv3, TLSv1_0, TLSv1_1 and TLSv1_2.
     bool client = (mode == QSslSocket::SslClientMode);
 
     bool reinitialized = false;
@@ -272,17 +276,15 @@ bool QSslSocketBackendPrivate::initSslContext()
 #endif
         break;
     case QSsl::SslV3:
-        ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
-        break;
+    case QSsl::TlsV1_0:
+    case QSsl::TlsV1_1:
+    case QSsl::TlsV1_2:
     case QSsl::SecureProtocols: // SslV2 will be disabled below
     case QSsl::TlsV1SslV3: // SslV2 will be disabled below
     case QSsl::AnyProtocol:
     default:
         ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
         break;
-    case QSsl::TlsV1:
-        ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
-        break;
     }
     if (!ctx) {
         // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them
@@ -304,6 +306,12 @@ bool QSslSocketBackendPrivate::initSslContext()
     long options;
     if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols)
         options = SSL_OP_ALL|SSL_OP_NO_SSLv2;
+    else if (configuration.protocol == QSsl::TlsV1)
+        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
+    else if (configuration.protocol == QSsl::TlsV1_1)
+        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1;
+    else if (configuration.protocol == QSsl::TlsV1_2)
+        options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1;
     else
         options = SSL_OP_ALL;
 
@@ -446,7 +454,9 @@ bool QSslSocketBackendPrivate::initSslContext()
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
     if ((configuration.protocol == QSsl::TlsV1SslV3 ||
-        configuration.protocol == QSsl::TlsV1 ||
+        configuration.protocol == QSsl::TlsV1_0 ||
+        configuration.protocol == QSsl::TlsV1_1 ||
+        configuration.protocol == QSsl::TlsV1_2 ||
         configuration.protocol == QSsl::SecureProtocols ||
         configuration.protocol == QSsl::AnyProtocol) &&
         client && q_SSLeay() >= 0x00090806fL) {