D16344: Do not try to fallback to "less secure" protocols

Andrius Štikonas noreply at phabricator.kde.org
Sat Oct 27 00:06:19 BST 2018


stikonas accepted this revision.
stikonas added a comment.
This revision is now accepted and ready to land.


  
  
  In D16344#349054 <https://phabricator.kde.org/D16344#349054>, @aacid wrote:
  
  > In D16344#348985 <https://phabricator.kde.org/D16344#348985>, @stikonas wrote:
  >
  > > Can you confirm that it works with TLSv1.2 only sites? (e.g. https://stikonas.eu:5281/admin/). Ideally we should  test with TLSv1.3 too.
  >
  >
  > Yes, it works. And https://tls13.crypto.mozilla.org/ works too (on Konqueror using KHTML, sadly not on falkon because i guess it doesn't use the kioslave infrastructure, but that's a different story i guess)
  
  
  Thanks for testing. Yes, we definitely want to support TLS 1.0.
  
  Is it just me or that Qt description of their QSsl enums is a bit confusing. Presumably QSsl::SecureProtocols mean works with TLS 1.0 or later now but can be restricted to higher protocols in the future if TLS 1.0 is found to be insecure. But that's not what description of QSsl::SecureProtocols says. They refer to TlsV1Ssl3 which I guess is misspelled TlsV1SslV3...

REPOSITORY
  R241 KIO

BRANCH
  master

REVISION DETAIL
  https://phabricator.kde.org/D16344

To: aacid, stikonas
Cc: jtamate, carewolf, dfaure, stikonas, kde-frameworks-devel, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20181026/ce5411f5/attachment.html>


More information about the Kde-frameworks-devel mailing list