List:       kde-core-devel
Subject:    Re: Question about QSslCipher::protocolString
From:       Richard Moore <richmoore44 () gmail ! com>
Date:       2014-10-22 20:11:56
Message-ID: CAMp7mVuStDGfGoVZ+e0bTDHwoTF=c5BO61kk=c1ge08s=KvJZQ () mail ! gmail ! com

Yes, this is why I implemented https://codereview.qt-project.org/#/c/80470/

Rich.


On 21 October 2014 23:20, Thomas Lübking <thomas.luebking@gmail.com> wrote:

> On Tuesday, 21 October 2014 21:24:33 CEST, Dawit A wrote:
>
>> I think this whole problem came about as a result of a misunderstanding?
>> [...]
>> So the protocol string in the cipher is merely a historical information as
>> to when that cipher was first defined and not meant to convey the current
>> connection's protocol!
>>
> Fits, since no new ciphers were introduced w/ TLSv1.1
>
> It's however a bit "nasty", since it's not stated explicitly and
> apparently there's no way to tell the used protocol then (QSslSocket is on
> "7" which is "QSsl::SecureProtocols", the default)
>
>> What this means for the example case of
>> blog.mozilla.org is that a valid TLSv1.1 connection was established using a
>> cipher that was first defined under SSL/TLS protocol SSLv3.
>>
>
> Yes, I can confirm that the test app connects blog.mozilla.com via
> TLSv1.1 here. (Good reason to check whether one can dump wireshark-gtk for
> everyday usage: yes, one can ;-)
>
> Cheers,
> Thomas
>
>
>
