Output more control channel encryption parameters

As mentioned in #1811 we previously only output the encryption algorithm as well as the width of the key in the server information dialog. This patch adds the encryption protocol, authentication method and key-exchange method to the dialog. The wording is similar to what Chrome uses to make it easier to google. As the option to retrieve the actual encryption protocol for the connection was only added in Qt 5.4 we output "TLS" in clients built with earlier versions as we cannot know which version we are actually using. Due to limitations in the information Qt provides us the current output is far from ideal. To fix that additional work is requored which will be done in a followup patch.
mumble-voip · Oct 4, 2015 · e8027bd · e8027bd
1 parent 13e494c
commit e8027bd
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 1 deletion.
diff --git a/src/Connection.cpp b/src/Connection.cpp
@@ -39,6 +39,7 @@
 
 #include "Connection.h"
 #include "Message.h"
+#include "SSL.h"
 #include "Mumble.pb.h"
 
 
@@ -249,6 +250,22 @@ QSslCipher Connection::sessionCipher() const {
 	return qtsSocket->sessionCipher();
 }
 
+QSsl::SslProtocol Connection::sessionProtocol() const {
+#if QT_VERSION >= 0x050400
+	return qtsSocket->sessionProtocol();
+#else
+	return QSsl::UnknownProtocol; // Cannot determine session cipher. We only know it's some TLS variant
+#endif
+}
+
+QString Connection::sessionProtocolString() const {
+#if QT_VERSION >= 0x050400
+	return MumbleSSL::protocolToString(sessionProtocol());
+#else
+	return QLatin1String("TLS"); // Cannot determine session cipher. We only know it's some TLS variant
+#endif
+}
+
 #ifdef Q_OS_WIN
 void Connection::setQoS(HANDLE hParentQoS) {
 	hQoS = hParentQoS;

diff --git a/src/Connection.h b/src/Connection.h
@@ -96,6 +96,8 @@ class Connection : public QObject {
 
 		QList<QSslCertificate> peerCertificateChain() const;
 		QSslCipher sessionCipher() const;
+		QSsl::SslProtocol sessionProtocol() const;
+		QString sessionProtocolString() const;
 		QHostAddress peerAddress() const;
 		quint16 peerPort() const;
 		bool bDisconnectedEmitted;

diff --git a/src/SSL.cpp b/src/SSL.cpp
@@ -250,3 +250,23 @@ void MumbleSSL::addSystemCA() {
 	}
 #endif
 }
+
+QString MumbleSSL::protocolToString(QSsl::SslProtocol protocol) {
+	switch(protocol) {
+		case QSsl::SslV3: return QLatin1String("SSL 3");
+		case QSsl::SslV2: return QLatin1String("SSL 2");
+#if QT_VERSION >= 0x050000
+		case QSsl::TlsV1_0: return QLatin1String("TLS 1.0");
+		case QSsl::TlsV1_1: return QLatin1String("TLS 1.1");
+		case QSsl::TlsV1_2: return QLatin1String("TLS 1.2");
+#else
+		case QSsl::TlsV1: return  QLatin1String("TLS 1.0");
+#endif
+		case QSsl::AnyProtocol: return QLatin1String("AnyProtocol");
+#if QT_VERSION >= 0x040800
+		case QSsl::TlsV1SslV3: return QLatin1String("TlsV1SslV3");
+		case QSsl::SecureProtocols: return QLatin1String("SecureProtocols");
+#endif
+		case QSsl::UnknownProtocol: return QLatin1String("UnknownProtocol");
+	}
+}
diff --git a/src/SSL.h b/src/SSL.h
@@ -40,6 +40,7 @@ class MumbleSSL {
 		static QString defaultOpenSSLCipherString();
 		static QList<QSslCipher> ciphersFromOpenSSLCipherString(QString cipherString);
 		static void addSystemCA();
+		static QString protocolToString(QSsl::SslProtocol protocol);
 };
 
 #endif
diff --git a/src/mumble/MainWindow.cpp b/src/mumble/MainWindow.cpp
@@ -1166,12 +1166,24 @@ void MainWindow::on_qaServerInformation_triggered() {
 
 	g.sh->getConnectionInfo(host,port,uname,pw);
 
-	QString qsControl=tr("<h2>Control channel</h2><p>Encrypted with %1 bit %2<br />%3 ms average latency (%4 deviation)</p><p>Remote host %5 (port %6)</p>").arg(QString::number(qsc.usedBits()),
+	QString qsControl=tr(
+	            "<h2>Control channel</h2>"
+	            "<p>The connection uses %1.</p>"
+	            "<p>The connection is encrypted using "
+	            "%2, with %3 for "
+	            "message authentication and "
+	            "%4 as the key exchange mechanism.</p>"
+	            "<p>%5 ms average latency (%6 deviation)</p>"
+	            "<p>Remote host %7 (port %8)</p>").arg(
+	                  Qt::escape(c->sessionProtocolString()),
 	                  Qt::escape(qsc.name()),
+	                  Qt::escape(qsc.authenticationMethod()),
+	                  Qt::escape(qsc.keyExchangeMethod()),
 	                  QString::fromLatin1("%1").arg(boost::accumulators::mean(g.sh->accTCP), 0, 'f', 2),
 	                  QString::fromLatin1("%1").arg(sqrt(boost::accumulators::variance(g.sh->accTCP)),0,'f',2),
 	                  Qt::escape(host),
 	                  QString::number(port));
+
 	QString qsVoice, qsCrypt, qsAudio;
 
 	if (NetworkConfig::TcpModeEnabled()) {