Question about QSslCipher::protocolString

Thomas Lübking thomas.luebking at gmail.com
Mon Oct 20 14:12:51 BST 2014


On Monday, 20 October 2014 01:13:35 CEST, Thiago Macieira wrote:
> On Sunday 19 October 2014 18:14:36 Thomas Lübking wrote:
>> On Sunday, 19 October 2014 16:35:35 CEST, Dawit A wrote: ...
>
> This is looking like a Qt bug instead. Can you investigate 
> QSslSocket instead?
Hmmm... checking this document:
   https://www.openssl.org/docs/apps/ciphers.html
it seems there's no explicit TLSv1.1:

"CIPHER STRINGS
...
TLSv1.2, TLSv1, SSLv3, SSLv2
TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
Note: there are no ciphersuites specific to TLS v1.1."

So
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) {
    ...
    // ### crude code.
    ...
    else if (protoString == QLatin1String("TLSv1.1"))
        ciph.d->protocol = QSsl::TlsV1_1;
    ...
}

could easily fail for no cipher saying "TLSv1.1"

This maybe also explains why openssl reports the cipher as "DHE-RSA-AES128-SHA" which is in "AES ciphersuites from RFC3268, extending TLS v1.0"

Notice that openssl says:
"New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA"
and yet
"Protocol  : TLSv1.1"

I assume that the first string is the result of "SSL_CIPHER_description()", so one would be looking for "TLSv1/SSLv3" rather than "TLSv1.1" (and maybe has to check the used cipher)?

Cheers,
Thomas
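
The distinction discussed in the message above, as an added example that is not part of the original mail or of Qt: it lists the per-cipher protocol labels the local OpenSSL exposes through Python's ssl module and parses the two s_client lines quoted above to separate the cipher's label from the session's protocol. The function names are hypothetical, and the sample text consists only of the two lines quoted in the message.

```python
import re
import ssl

# The two s_client lines quoted in the message above (rest of the output omitted).
S_CLIENT_OUTPUT = """\
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
    Protocol  : TLSv1.1
"""


def cipher_protocol_labels(cipher_string="ALL"):
    """Group the locally available cipher suites by the protocol label
    OpenSSL attaches to the suite itself (not to any connection)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    labels = {}
    for cipher in ctx.get_ciphers():
        labels.setdefault(cipher["protocol"], []).append(cipher["name"])
    return labels


def parse_s_client(text):
    """Return (cipher_label, cipher_name, session_protocol) from s_client output.

    cipher_label comes from the 'New, ...' line and describes the suite;
    session_protocol comes from the 'Protocol :' line and describes the
    version actually negotiated for the session."""
    new = re.search(r"^New, ([^,]+), Cipher is (\S+)", text, re.M)
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    if not new or not proto:
        raise ValueError("missing 'New, ...' or 'Protocol :' line")
    return new.group(1), new.group(2), proto.group(1)


if __name__ == "__main__":
    for label, names in sorted(cipher_protocol_labels().items()):
        print(f"{label:8} {len(names):3} suites, e.g. {names[0]}")
    label, name, session = parse_s_client(S_CLIENT_OUTPUT)
    print(f"{name}: cipher label {label!r}, session protocol {session!r}")
    # On an established connection, ssl.SSLSocket.version() reports the
    # negotiated protocol; SSLSocket.cipher()[1] reports the suite's label.
```

Code that needs the connection's protocol version has to ask the session for it; a comparison against "TLSv1.1" on the cipher's label has nothing to match.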




More information about the kde-core-devel mailing list