D16344: Do not try to fallback to "less secure" protocols
Andrius Štikonas
noreply at phabricator.kde.org
Sat Oct 27 00:06:19 BST 2018
stikonas accepted this revision.
stikonas added a comment.
This revision is now accepted and ready to land.
In D16344#349054 <https://phabricator.kde.org/D16344#349054>, @aacid wrote:
> In D16344#348985 <https://phabricator.kde.org/D16344#348985>, @stikonas wrote:
>
> > Can you confirm that it works with TLSv1.2 only sites? (e.g. https://stikonas.eu:5281/admin/). Ideally we should test with TLSv1.3 too.
>
>
> Yes, it works. And https://tls13.crypto.mozilla.org/ works too (on Konqueror using KHTML, sadly not on falkon because i guess it doesn't use the kioslave infrastructure, but that's a different story i guess)
Thanks for testing. Yes, we definitely want to support TLS 1.0.
Is it just me or that Qt description of their QSsl enums is a bit confusing. Presumably QSsl::SecureProtocols mean works with TLS 1.0 or later now but can be restricted to higher protocols in the future if TLS 1.0 is found to be insecure. But that's not what description of QSsl::SecureProtocols says. They refer to TlsV1Ssl3 which I guess is misspelled TlsV1SslV3...
REPOSITORY
R241 KIO
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D16344
To: aacid, stikonas
Cc: jtamate, carewolf, dfaure, stikonas, kde-frameworks-devel, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20181026/ce5411f5/attachment.html>
More information about the Kde-frameworks-devel
mailing list