Question about QSslCipher::protocolString

Thomas Lübking thomas.luebking at
Mon Oct 20 14:12:51 BST 2014

On Montag, 20. Oktober 2014 01:13:35 CEST, Thiago Macieira wrote:
> On Sunday 19 October 2014 18:14:36 Thomas Lübking wrote:
>> On Sonntag, 19. Oktober 2014 16:35:35 CEST, Dawit A wrote: ...
> This is looking like a Qt bug instead. Can you investigate 
> QSslSocket instead?
Hmmm... checking this document:
it seems there's no explicit TLSv1.1:

TLSv1.2, TLSv1, SSLv3, SSLv2
TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
Note: there are no ciphersuites specific to TLS v1.1."

QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) {
// ### crude code.
else if (protoString == QLatin1String("TLSv1.1"))
            ciph.d->protocol = QSsl::TlsV1_1;

could easily fail for no cipher saying "TLSv1.1"

This maybe also explains why openssl reports the cipher as "DHE-RSA-AES128-SHA" which is in "AES ciphersuites from RFC3268, extending TLS v1.0"

Notice that openssl says:
"New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA"
and yet
"Protocol  : TLSv1.1"

I assume that the fist string is the result of "SSL_CIPHER_description()", so one would be looking for "TLSv1/SSLv3" rather than "TLSv1.1" (and maybe has to check the used cipher)?


More information about the kde-core-devel mailing list