
Output more control channel encryption parameters

As mentioned in #1811 we previously only output the
encryption algorithm as well as the width of the key
in the server information dialog.

This patch adds the encryption protocol, authentication
method and key-exchange method to the dialog. The
wording is similar to what Chrome uses to make it easier
to google.

As the option to retrieve the actual encryption protocol
for the connection was only added in Qt 5.4 we output
"TLS" in clients built with earlier versions as we cannot
know which version we are actually using.

Due to limitations in the information Qt provides us, the
current output is far from ideal. Fixing that requires additional
work, which will be done in a follow-up patch.
hacst committed Sep 26, 2015
1 parent 13e494c commit e8027bd664cd924acd47070fb434881530685a87
Showing with 53 additions and 1 deletion.
  1. +17 −0 src/Connection.cpp
  2. +2 −0 src/Connection.h
  3. +20 −0 src/SSL.cpp
  4. +1 −0 src/SSL.h
  5. +13 −1 src/mumble/MainWindow.cpp
@@ -39,6 +39,7 @@

#include "Connection.h"
#include "Message.h"
#include "SSL.h"
#include "Mumble.pb.h"


@@ -249,6 +250,22 @@ QSslCipher Connection::sessionCipher() const {
return qtsSocket->sessionCipher();
}

QSsl::SslProtocol Connection::sessionProtocol() const {
#if QT_VERSION >= 0x050400
return qtsSocket->sessionProtocol();
#else
return QSsl::UnknownProtocol; // Cannot determine session cipher. We only know it's some TLS variant
#endif
}

QString Connection::sessionProtocolString() const {
#if QT_VERSION >= 0x050400
return MumbleSSL::protocolToString(sessionProtocol());
#else
return QLatin1String("TLS"); // Cannot determine session cipher. We only know it's some TLS variant
#endif
}

#ifdef Q_OS_WIN
void Connection::setQoS(HANDLE hParentQoS) {
hQoS = hParentQoS;
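Review bot: Both fallback comments in sessionProtocol() and sessionProtocolString() say "Cannot determine session cipher", but what is unavailable before Qt 5.4 is the session protocol; they should read `// Cannot determine session protocol before Qt 5.4`. The pre-5.4 branch of sessionProtocolString() returns a bare "TLS", which the server information dialog will present as fact. Whether the socket can really only negotiate TLS depends on the protocol it was configured with, which is not visible in this hunk. If an SSL version could still be negotiated on such builds, a string like `QLatin1String("SSL/TLS (version unknown)")` would avoid overstating what the client knows.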
@@ -96,6 +96,8 @@ class Connection : public QObject {

QList<QSslCertificate> peerCertificateChain() const;
QSslCipher sessionCipher() const;
QSsl::SslProtocol sessionProtocol() const;
QString sessionProtocolString() const;
QHostAddress peerAddress() const;
quint16 peerPort() const;
bool bDisconnectedEmitted;
@@ -250,3 +250,23 @@ void MumbleSSL::addSystemCA() {
}
#endif
}

QString MumbleSSL::protocolToString(QSsl::SslProtocol protocol) {
switch(protocol) {
case QSsl::SslV3: return QLatin1String("SSL 3");
case QSsl::SslV2: return QLatin1String("SSL 2");
#if QT_VERSION >= 0x050000
case QSsl::TlsV1_0: return QLatin1String("TLS 1.0");
case QSsl::TlsV1_1: return QLatin1String("TLS 1.1");
case QSsl::TlsV1_2: return QLatin1String("TLS 1.2");
#else
case QSsl::TlsV1: return QLatin1String("TLS 1.0");
#endif
case QSsl::AnyProtocol: return QLatin1String("AnyProtocol");
#if QT_VERSION >= 0x040800
case QSsl::TlsV1SslV3: return QLatin1String("TlsV1SslV3");
case QSsl::SecureProtocols: return QLatin1String("SecureProtocols");
#endif
case QSsl::UnknownProtocol: return QLatin1String("UnknownProtocol");
}
}
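Review bot: protocolToString() has no `default:` label and no return after the switch, so a QSsl::SslProtocol value outside the listed cases flows off the end of a non-void function, which is undefined behaviour. On Qt 5.4 and later the argument comes from the negotiated session, and later Qt releases appear to have added enumerators to this enum, so an unlisted value looks reachable when building against a newer Qt. Adding `return QLatin1String("UnknownProtocol");` after the closing brace of the switch makes that path defined while keeping the compiler's unhandled-enumerator warning. The hunk begins inside the tail of addSystemCA(), which is unchanged.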
@@ -40,6 +40,7 @@ class MumbleSSL {
static QString defaultOpenSSLCipherString();
static QList<QSslCipher> ciphersFromOpenSSLCipherString(QString cipherString);
static void addSystemCA();
static QString protocolToString(QSsl::SslProtocol protocol);
};

#endif
@@ -1166,12 +1166,24 @@ void MainWindow::on_qaServerInformation_triggered() {

g.sh->getConnectionInfo(host,port,uname,pw);

QString qsControl=tr("<h2>Control channel</h2><p>Encrypted with %1 bit %2<br />%3 ms average latency (%4 deviation)</p><p>Remote host %5 (port %6)</p>").arg(QString::number(qsc.usedBits()),
QString qsControl=tr(
"<h2>Control channel</h2>"
"<p>The connection uses %1.</p>"
"<p>The connection is encrypted using "
"%2, with %3 for "
"message authentication and "
"%4 as the key exchange mechanism.</p>"
"<p>%5 ms average latency (%6 deviation)</p>"
"<p>Remote host %7 (port %8)</p>").arg(
Qt::escape(c->sessionProtocolString()),
Qt::escape(qsc.name()),
Qt::escape(qsc.authenticationMethod()),
Qt::escape(qsc.keyExchangeMethod()),
QString::fromLatin1("%1").arg(boost::accumulators::mean(g.sh->accTCP), 0, 'f', 2),
QString::fromLatin1("%1").arg(sqrt(boost::accumulators::variance(g.sh->accTCP)),0,'f',2),
Qt::escape(host),
QString::number(port));

QString qsVoice, qsCrypt, qsAudio;

if (NetworkConfig::TcpModeEnabled()) {
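Review bot: The new dialog text labels `qsc.authenticationMethod()` as the algorithm used "for message authentication", but as far as I know QSslCipher::authenticationMethod() reports how the peer is authenticated in the handshake (for example RSA), not the MAC protecting the records. That can mislead a user who is checking the connection's strength. Until the follow-up work mentioned in the description lands, wording such as `"%2, with %3 for authentication and "` would match what Qt actually provides. The new string also no longer shows `qsc.usedBits()`, so the effective key width is visible only if it happens to be part of the cipher name. on_qaServerInformation_triggered() starts and ends outside this hunk.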
