AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix exclusion of anonymous ciphers.

Browse Source 
Qt attempted to exclude anonymous ciphers since they offer no MITM
protection, but missed export ADH ciphers and AECDH from the exclude
list.

Change-Id: Icdfa9b31643a0e9927010885c7c1d02c42460d79
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
This commit is contained in:
Richard J. Moore 2015-04-18 12:44:30 +01:00
parent 00f0a4119c
commit 479e84dcbd
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/network/ssl/qsslsocket_openssl.cpp
View File

@ -662,8 +662,10 @@ void QSslSocketPrivate::resetDefaultCiphers()
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
if (!ciph.isNull()) {
// Unconditionally exclude ADH ciphers since they offer no MITM protection
if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
// Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
!ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
!ciph.name().toLower().startsWith(QLatin1String("aecdh")))
ciphers << ciph;
if (ciph.usedBits() >= 128)
defaultCiphers << ciph;