[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Question about QSslCipher::protocolString
From: Thomas_Lübking <thomas.luebking () gmail ! com>
Date: 2014-10-20 13:12:51
Message-ID: cda41452-ad17-4a6d-aebc-c8c71597fa29 () gmail ! com
[Download RAW message or body]
On Montag, 20. Oktober 2014 01:13:35 CEST, Thiago Macieira wrote:
> On Sunday 19 October 2014 18:14:36 Thomas Lübking wrote:
> > On Sonntag, 19. Oktober 2014 16:35:35 CEST, Dawit A wrote: ...
>
> This is looking like a Qt bug instead. Can you investigate
> QSslSocket instead?
Hmmm... checking this document:
https://www.openssl.org/docs/apps/ciphers.html
it seems there's no explicit TLSv1.1:
"CIPHER STRINGS
...
TLSv1.2, TLSv1, SSLv3, SSLv2
TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
Note: there are no ciphersuites specific to TLS v1.1."
So
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) {
...
// ### crude code.
...
else if (protoString == QLatin1String("TLSv1.1"))
ciph.d->protocol = QSsl::TlsV1_1;
...
}
could easily fail for no cipher saying "TLSv1.1"
This maybe also explains why openssl reports the cipher as "DHE-RSA-AES128-SHA" which \
is in "AES ciphersuites from RFC3268, extending TLS v1.0"
Notice that openssl says:
"New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA"
and yet
"Protocol : TLSv1.1"
I assume that the fist string is the result of "SSL_CIPHER_description()", so one \
would be looking for "TLSv1/SSLv3" rather than "TLSv1.1" (and maybe has to check the \
used cipher)?
Cheers,
Thomas
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic