Question about QSslCipher::protocolString

Dawit A adawit at
Sun Oct 19 15:35:35 BST 2014

Both the protocol and protocolString methods in QSslCipher return a
different value than what is expected. For example, in Qt 4.8 if you set
the protocol in QSslSocket to QSsl::TlsV1 and connect to
port 443, you get the following output from QSslCipher:

QSslSocket Information:
protocol: 5

QSslCipher Information:
name: DHE-RSA-AES128-SHA
authenticationmethod: RSA
encryptionMethod: AES(128)
keyExchangeMethod: DH
protocol: 0
protocolString: SSLv3
supportedBits: 128
usedBits: 128

However if one uses openssl directly, the following information is returned:

$ openssl s_client -connect

<certificate snipped>

subject=/C=US/ST=CA/L=Mountain View/O=Mozilla Corporation/CN=
issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
No client certificate CA names sent
SSL handshake has read 3845 bytes and written 522 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1.1
    Cipher    : DHE-RSA-AES128-SHA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1413727556
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

So the negotiated protocol when using openSSL directly is returned as
TLSv1.1 where as QSslCipher almost always returns SSLv3. My question is why
the negotiated protocol in QSslCipher is different from the one we get
through openssl directly? Is the socket protocol a different thing from the
cipher protocol? If so, then what KTcpSocket::negotiatedSslVersionName()
 returns must be wrong as well.

Anyhow, I am asking this because of bug# 340047.

Since tcpslavebase.cpp calls KTcpSocket::negotiatedSslVersionName() which
in turn calls QSslCipher::protocolString() to obtain the SSL protocol used,
the SSL protocol information sent back to the clients is the one from
QSslCipher. Unfortunately that seems to almost always return "SSLv3".

I have attached the program I used to print out the contents of QSslCipher.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_qsslcipher.cpp
Type: text/x-c++src
Size: 1713 bytes
Desc: not available
URL: <>

More information about the kde-core-devel mailing list