
QSslSocket: add TLS 1.1 and TLS 1.2 support.

mkrautz committed Dec 25, 2014
1 parent 812f3b3 commit a02610cf11395896bb0fd06725bc7545b80bd7fe
Showing with 27 additions and 9 deletions.
  1. +3 −0 src/network/ssl/qssl.cpp
  2. +6 −1 src/network/ssl/qssl.h
  3. +18 −8 src/network/ssl/qsslsocket_openssl.cpp
@@ -104,6 +104,9 @@ QT_BEGIN_NAMESPACE
\value SslV3 SSLv3
\value SslV2 SSLv2
\value TlsV1 TLSv1
+ \value TlsV1_0 TLSv1
+ \value TlsV1_1 TLSv1
+ \value TlsV1_2 TLSv1
\value UnknownProtocol The cipher's protocol cannot be determined.
\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1. This
value is used by QSslSocket only.
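Review bot: The two new `\value` lines for `TlsV1_1` and `TlsV1_2` both describe the value as TLSv1, so the generated documentation gives three enumerators the same protocol; they should read `\value TlsV1_1 TLSv1.1` and `\value TlsV1_2 TLSv1.2`. The unchanged `AnyProtocol` entry just below still lists only SSLv2, SSLv3 and TLSv1 and is stale after this commit. The option masks added in qsslsocket_openssl.cpp only switch off the versions below the one selected, so if that is intended the entries should also say that each TLS value is a minimum version rather than an exact one.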
@@ -76,10 +76,15 @@ namespace QSsl {
enum SslProtocol {
SslV3,
SslV2,
- TlsV1, // ### Qt 5: rename to TlsV1_0 or so
+ TlsV1_0,
+ TlsV1 = TlsV1_0,
AnyProtocol,
TlsV1SslV3,
SecureProtocols,
+
+ TlsV1_1,
+ TlsV1_2,
+
UnknownProtocol = -1
};
@@ -212,7 +212,11 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph
else if (protoString == QLatin1String("SSLv2"))
ciph.d->protocol = QSsl::SslV2;
else if (protoString == QLatin1String("TLSv1"))
- ciph.d->protocol = QSsl::TlsV1;
+ ciph.d->protocol = QSsl::TlsV1_0;
+ else if (protoString == QLatin1String("TLSv1.1"))
+ ciph.d->protocol = QSsl::TlsV1_1;
+ else if (protoString == QLatin1String("TLSv1.2"))
+ ciph.d->protocol = QSsl::TlsV1_2;
if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);
@@ -258,7 +262,7 @@ bool QSslSocketBackendPrivate::initSslContext()
{
Q_Q(QSslSocket);
- // Create and initialize SSL context. Accept SSLv2, SSLv3 and TLSv1.
+ // Create and initialize SSL context. Accept SSLv2, SSLv3, TLSv1_0, TLSv1_1 and TLSv1_2.
bool client = (mode == QSslSocket::SslClientMode);
bool reinitialized = false;
@@ -272,17 +276,15 @@ bool QSslSocketBackendPrivate::initSslContext()
#endif
break;
case QSsl::SslV3:
- ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
- break;
+ case QSsl::TlsV1_0:
+ case QSsl::TlsV1_1:
+ case QSsl::TlsV1_2:
case QSsl::SecureProtocols: // SslV2 will be disabled below
case QSsl::TlsV1SslV3: // SslV2 will be disabled below
case QSsl::AnyProtocol:
default:
ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
break;
- case QSsl::TlsV1:
- ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
- break;
}
if (!ctx) {
// After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them
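Review bot: `case QSsl::SslV3:` now falls through to the `q_SSLv23_*_method()` context, but the option chain added later in this function has no branch for `SslV3`, so it ends in `options = SSL_OP_ALL`. As far as the visible lines show, a caller who configured SSLv3 only can now end up on SSLv2 or any TLS version instead of the protocol they pinned. Either keep the version-specific context for this case or add a mask for it in the option chain, e.g. `else if (configuration.protocol == QSsl::SslV3) options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2;`. The switch starts above this hunk and initSslContext() continues below it.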
@@ -304,6 +306,12 @@ bool QSslSocketBackendPrivate::initSslContext()
long options;
if (configuration.protocol == QSsl::TlsV1SslV3 || configuration.protocol == QSsl::SecureProtocols)
options = SSL_OP_ALL|SSL_OP_NO_SSLv2;
+ else if (configuration.protocol == QSsl::TlsV1)
+ options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
+ else if (configuration.protocol == QSsl::TlsV1_1)
+ options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1;
+ else if (configuration.protocol == QSsl::TlsV1_2)
+ options = SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1;
else
options = SSL_OP_ALL;
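Review bot: `SSL_OP_NO_TLSv1_1` is used in the `TlsV1_2` branch with no version guard, although the SNI block further down in this function is still guarded by `OPENSSL_VERSION_NUMBER >= 0x0090806fL` and a run-time `q_SSLeay()` check, which suggests OpenSSL builds that predate TLS 1.1/1.2 remain supported. Against such headers the constant is presumably undefined and the file stops compiling, and nothing visible here rejects `TlsV1_1`/`TlsV1_2` when the library in use cannot provide them. Put the new branches under `#ifdef SSL_OP_NO_TLSv1_1` and have initSslContext() report an error for those protocol values otherwise. The first added branch also tests `QSsl::TlsV1` where the rest of the commit uses `QSsl::TlsV1_0`; the new name would be consistent.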
@@ -446,7 +454,9 @@ bool QSslSocketBackendPrivate::initSslContext()
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
if ((configuration.protocol == QSsl::TlsV1SslV3 ||
- configuration.protocol == QSsl::TlsV1 ||
+ configuration.protocol == QSsl::TlsV1_0 ||
+ configuration.protocol == QSsl::TlsV1_1 ||
+ configuration.protocol == QSsl::TlsV1_2 ||
configuration.protocol == QSsl::SecureProtocols ||
configuration.protocol == QSsl::AnyProtocol) &&
client && q_SSLeay() >= 0x00090806fL) {
