\value SslV2 SSLv2
\value TlsV1_0 TLSv1.0
\value TlsV1 Obsolete, means the same as TlsV1_0
+ \value TlsV1_1 TLSv1.1
+ \value TlsV1_2 TLSv1.2
\value UnknownProtocol The cipher's protocol cannot be determined.
\value AnyProtocol The socket understands SSLv2, SSLv3, and TLSv1.0. This
value is used by QSslSocket only.
#if QT_DEPRECATED_SINCE(5,0)
TlsV1 = TlsV1_0,
#endif
+ TlsV1_1,
+ TlsV1_2,
AnyProtocol,
TlsV1SslV3,
SecureProtocols,
ciph.d->protocol = QSsl::SslV2;
else if (protoString == QLatin1String("TLSv1"))
ciph.d->protocol = QSsl::TlsV1_0;
+ else if (protoString == QLatin1String("TLSv1.1"))
+ ciph.d->protocol = QSsl::TlsV1_1;
+ else if (protoString == QLatin1String("TLSv1.2"))
+ ciph.d->protocol = QSsl::TlsV1_2;
if (descriptionList.at(2).startsWith(QLatin1String("Kx=")))
ciph.d->keyExchangeMethod = descriptionList.at(2).mid(3);
case QSsl::TlsV1_0:
ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
break;
+ case QSsl::TlsV1_1:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
+#else
+ ctx = 0; // TLS 1.1 not supported by the system, but chosen deliberately -> error
+#endif
+ break;
+ case QSsl::TlsV1_2:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
+#else
+ ctx = 0; // TLS 1.2 not supported by the system, but chosen deliberately -> error
+#endif
+ break;
}
if (!ctx) {
// After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
if ((configuration.protocol == QSsl::TlsV1SslV3 ||
configuration.protocol == QSsl::TlsV1_0 ||
+ configuration.protocol == QSsl::TlsV1_1 ||
+ configuration.protocol == QSsl::TlsV1_2 ||
configuration.protocol == QSsl::SecureProtocols ||
configuration.protocol == QSsl::AnyProtocol) &&
client && q_SSLeay() >= 0x00090806fL) {
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+#endif
#ifndef OPENSSL_NO_SSL2
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
#endif
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+#endif
#else
DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
RESOLVEFUNC(SSLv3_client_method)
RESOLVEFUNC(SSLv23_client_method)
RESOLVEFUNC(TLSv1_client_method)
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ RESOLVEFUNC(TLSv1_1_client_method)
+ RESOLVEFUNC(TLSv1_2_client_method)
+#endif
#ifndef OPENSSL_NO_SSL2
RESOLVEFUNC(SSLv2_server_method)
#endif
RESOLVEFUNC(SSLv3_server_method)
RESOLVEFUNC(SSLv23_server_method)
RESOLVEFUNC(TLSv1_server_method)
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ RESOLVEFUNC(TLSv1_1_server_method)
+ RESOLVEFUNC(TLSv1_2_server_method)
+#endif
RESOLVEFUNC(X509_NAME_entry_count)
RESOLVEFUNC(X509_NAME_get_entry)
RESOLVEFUNC(X509_NAME_ENTRY_get_data)
const SSL_METHOD *q_SSLv3_client_method();
const SSL_METHOD *q_SSLv23_client_method();
const SSL_METHOD *q_TLSv1_client_method();
+const SSL_METHOD *q_TLSv1_1_client_method();
+const SSL_METHOD *q_TLSv1_2_client_method();
const SSL_METHOD *q_SSLv2_server_method();
const SSL_METHOD *q_SSLv3_server_method();
const SSL_METHOD *q_SSLv23_server_method();
const SSL_METHOD *q_TLSv1_server_method();
+const SSL_METHOD *q_TLSv1_1_server_method();
+const SSL_METHOD *q_TLSv1_2_server_method();
#else
SSL_METHOD *q_SSLv2_client_method();
SSL_METHOD *q_SSLv3_client_method();
SSL_METHOD *q_SSLv23_client_method();
SSL_METHOD *q_TLSv1_client_method();
+SSL_METHOD *q_TLSv1_1_client_method();
+SSL_METHOD *q_TLSv1_2_client_method();
SSL_METHOD *q_SSLv2_server_method();
SSL_METHOD *q_SSLv3_server_method();
SSL_METHOD *q_SSLv23_server_method();
SSL_METHOD *q_TLSv1_server_method();
+SSL_METHOD *q_TLSv1_1_server_method();
+SSL_METHOD *q_TLSv1_2_server_method();
#endif
int q_SSL_write(SSL *a, const void *b, int c);
int q_X509_cmp(X509 *a, X509 *b);
QCOMPARE(socket->protocol(), QSsl::SecureProtocols);
{
- // Fluke allows SSLv3.
+ // qt-test-server allows SSLv3.
socket->setProtocol(QSsl::SslV3);
QCOMPARE(socket->protocol(), QSsl::SslV3);
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
socket->abort();
}
{
- // Fluke allows TLSV1.
+ // qt-test-server allows TLSV1.
socket->setProtocol(QSsl::TlsV1_0);
QCOMPARE(socket->protocol(), QSsl::TlsV1_0);
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
QCOMPARE(socket->protocol(), QSsl::TlsV1_0);
socket->abort();
}
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+ {
+ // qt-test-server probably doesn't allow TLSV1.1
+ socket->setProtocol(QSsl::TlsV1_1);
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
+ socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+ QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
+ socket->abort();
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
+ socket->connectToHost(QtNetworkSettings::serverName(), 443);
+ QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
+ socket->startClientEncryption();
+ QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_1);
+ socket->abort();
+ }
+ {
+ // qt-test-server probably doesn't allows TLSV1.2
+ socket->setProtocol(QSsl::TlsV1_2);
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
+ socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
+ QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
+ socket->abort();
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
+ socket->connectToHost(QtNetworkSettings::serverName(), 443);
+ QVERIFY2(socket->waitForConnected(), qPrintable(socket->errorString()));
+ socket->startClientEncryption();
+ QVERIFY2(socket->waitForEncrypted(), qPrintable(socket->errorString()));
+ QCOMPARE(socket->protocol(), QSsl::TlsV1_2);
+ socket->abort();
+ }
+#endif
#ifndef OPENSSL_NO_SSL2
{
- // Fluke allows SSLV2.
+ // qt-test-server allows SSLV2.
socket->setProtocol(QSsl::SslV2);
QCOMPARE(socket->protocol(), QSsl::SslV2);
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
}
#endif
{
- // Fluke allows SSLV3, so it allows AnyProtocol.
+ // qt-test-server allows SSLV3, so it allows AnyProtocol.
socket->setProtocol(QSsl::AnyProtocol);
QCOMPARE(socket->protocol(), QSsl::AnyProtocol);
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);
socket->abort();
}
{
- // Fluke allows SSLV3, so it allows NoSslV2
+ // qt-test-server allows SSLV3, so it allows NoSslV2
socket->setProtocol(QSsl::TlsV1SslV3);
QCOMPARE(socket->protocol(), QSsl::TlsV1SslV3);
socket->connectToHostEncrypted(QtNetworkSettings::serverName(), 443);