This repository has been archived by the owner on May 30, 2023. It is now read-only.

Modern tls support #12525

Merged
merged 2 commits into from
Aug 31, 2014
@zackw zackw commented Aug 31, 2014

Per issue #12524. See commit comments for details.

 * --ssl-protocol= option now accepts 'tlsv1.2', 'tlsv1.1', 'tlsv1.0'
   and 'default' as well as the existing 'tlsv1', 'sslv3', and 'any'.

 * The default is now none of the above, but rather QSsl::SecureProtocols,
   which means "whatever subset of ANY is still considered secure and also
   supported by the OpenSSL library in use".  (As of this writing, Qt's idea
   of "still considered secure" includes everything from SSLv3 on up, which
   is technically wrong -- SSLv3 has known breaks -- but we can live with.
   Qt currently doesn't have a way to select "TLSv1.0 and up".)
…riya#12524)

New option --ssl-ciphers takes a colon-separated list of OpenSSL
cipher names and sets the client cipher list to exactly that list.

The default for this option is arranged to match Chromium 35, which
has had its cipher selection optimized for the modern Web
(see https://briansmith.org/browser-ciphersuites-01.html for
rationales).  (Newer versions are the same except that they also add
ChaCha20-based ciphersuites, which OpenSSL 1.0.1 hasn't yet picked up.)
@ariya ariya merged commit f4eb364 into ariya:master Aug 31, 2014
@zackw zackw deleted the modern-tls-support branch September 1, 2014 19:28
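
An added example, not part of the pull request or of PhantomJS: a Python check that audits a colon-separated OpenSSL cipher list of the kind `--ssl-ciphers` accepts, flagging entries that use weak primitives or lack forward secrecy. The function name, the name-based heuristics and the sample list are assumptions constructed for illustration; the heuristics cover OpenSSL names for TLS 1.2 and earlier only.

```python
# Added example: audit a colon-separated OpenSSL cipher list as passed to
# --ssl-ciphers. Works on cipher *names* only (TLS 1.2 and earlier naming);
# it does not query any OpenSSL build.

# Name components that mark a suite as weak, with the finding reported.
WEAK_PARTS = {
    "NULL": "no encryption",
    "EXP": "export-grade key length",
    "RC4": "RC4 stream cipher",
    "DES": "DES or 3DES block cipher",
    "MD5": "MD5-based MAC",
    "ADH": "anonymous key exchange",
    "AECDH": "anonymous key exchange",
}
# Ephemeral key exchanges (EDH is OpenSSL's older spelling of DHE).
FS_KEX = {"ECDHE", "DHE", "EDH"}
# Anonymous suites are ephemeral too; they are reported via WEAK_PARTS instead.
ANON_KEX = {"ADH", "AECDH"}


def audit_cipher_list(option_value):
    """Return {cipher_name: [findings]} for every entry that has a finding."""
    report = {}
    for name in option_value.split(":"):
        if not name:
            # A stray or trailing colon produces an empty entry.
            report["<empty>"] = ["empty entry"]
            continue
        parts = name.upper().split("-")
        findings = [WEAK_PARTS[p] for p in parts if p in WEAK_PARTS]
        # "EXP-" may precede the key exchange, so inspect the first two parts.
        if not (FS_KEX | ANON_KEX) & set(parts[:2]):
            findings.append("no forward secrecy")
        if findings:
            report[name] = findings
    return report


# Constructed sample value (not the PhantomJS or Chromium default list).
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:"
          "AES128-SHA:RC4-MD5:DES-CBC3-SHA:")

if __name__ == "__main__":
    for cipher, findings in audit_cipher_list(SAMPLE).items():
        print(f"{cipher}: {', '.join(findings)}")
```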