Trolltech Home | Qt4-preview-feedback Home | Recent Threads | All Threads | Author | Date
All threads index page 1

Qt4-preview-feedback Archive, May 2007
Default protocol for QSslSocket

• Subject: Default protocol for QSslSocket
• From: Mark Sawle <mark@xxxxxxxxxxxxxx>
• Date: Sat, 12 May 2007 14:29:54 +0100
• Delivered-to: qt4-preview-feedback@trolltech.com
• Dkim-signature: a=rsa-sha1; s=20060406; d=intellegit.com; i=mark@intellegit.com; h=DomainKey-Signature : Received : Date : From : To : Subject : Message-ID : Mail-Followup-To : X-Organization : User-Agent : MIME-Version : Content-Type; t=1178976695; x=1181568695; c=simple/simple; b=E0UL9Y4BpET+GeIkgeO7qLat0gOchK5V1whFvOljt6+ZVnQhRBWoPpWiSlW/+CRVH0jWZOZoEv1Im457s8SnBke9293wart6iqsBCQYNeBPkHjV+JWyKnJfWhv53AHuvy5Sm9/ojUjW+3rnZSJeSuVSNo1FfiwB95cfibM8JWhE= E0UL9Y4BpET+GeIkgeO7qLat0gOchK5V1whFvOljt6+ZVnQhRBWoPpWiSlW/+CRVH0jWZOZoEv1 Im457s8SnBke9293wart6iqsBCQYNeBPkHjV+JWyKnJfWhv53AHuvy5Sm9/ojUjW+3rnZSJeSuV SNo1FfiwB95cfibM8JWhE=
• Domainkey-signature: a=rsa-sha1; q=dns; c=simple; s=20060406; d=intellegit.com; b=pL7F0PGVKnP6xkYybk5XNHw1KCzkAyfojQzaMIoW42RnI5erHwVUwec xCmn1R7AJ6h70sO/Ir/wMnXzoD/AGVkdiwnbGBzw2zImElgaZs0uc/UquFANTfcunBZY7GLsib2 /Xu/AnLG+cFbVoAGAFWybqLURdqC2jYq5CZScF1aU=
• List-help: <mailto:qt4-preview-feedback-request@trolltech.com?subject=help>
• List-post: <mailto:qt4-preview-feedback@trolltech.com>
• List-subscribe: <mailto:qt4-preview-feedback-request@trolltech.com?subject=subscribe>
• List-unsubscribe: <mailto:qt4-preview-feedback-request@trolltech.com?subject=unsubscribe>
• Mail-followup-to: qt4-preview-feedback@xxxxxxxxxxxxx
• Resent-from: qt4-preview-feedback@xxxxxxxxxxxxx
• Resent-message-id: <vEIAIC.A.3SH.dIcRGB@esparsett>
• Resent-sender: qt4-preview-feedback-request@xxxxxxxxxxxxx
• To: qt4-preview-feedback@xxxxxxxxxxxxx

I've just spent some time debugging a handshake problem with QSslSocket
which was caused by the default protocol being SSLv3 only (I now realise
this is documented so a clear case of RTFM on my part :) ).  I presume this
is the most secure option so I commend this, but as a default it would
appear to limit interoperability as I couldn't get the Qt 3 QtSslSocket
Solution to connect to my server using it, nor would KMail from the current
KDE 3.  In view of this, perhaps there's a case for changing the default to
QSslSocket::AnyProtocol.

Failing that, at least I might save somebody else some time by pointing out
you can use QSslSocket::setProtocol(QSslSocket::AnyProtocol) to
simultaneously support TLSv1, SSLv2 and SSLv3.

-- 
 [ signature omitted ] 

• Subject: Re: Default protocol for QSslSocket
• From: Andreas Aardal Hanssen <ahanssen@xxxxxxxxxxxxx>
• Date: Tue, 15 May 2007 09:56:37 +0200
• Delivered-to: qt4-preview-feedback@trolltech.com
• List-help: <mailto:qt4-preview-feedback-request@trolltech.com?subject=help>
• List-post: <mailto:qt4-preview-feedback@trolltech.com>
• List-subscribe: <mailto:qt4-preview-feedback-request@trolltech.com?subject=subscribe>
• List-unsubscribe: <mailto:qt4-preview-feedback-request@trolltech.com?subject=unsubscribe>
• Organization: Trolltech ASA (Oslo Office)
• Resent-from: qt4-preview-feedback@xxxxxxxxxxxxx
• Resent-message-id: <ECoGbB.A.MM.2eWSGB@esparsett>
• Resent-sender: qt4-preview-feedback-request@xxxxxxxxxxxxx
• To: qt4-preview-feedback@xxxxxxxxxxxxx

Mark Sawle wrote:
> KDE 3.  In view of this, perhaps there's a case for changing the default
> to QSslSocket::AnyProtocol.

If AnyProtocol didn't include SSLv2, I would concur. Unfortunately it does,
however, so the most common protocol happens to be SSLv3. It's an
unfortunate, but necessary, default value.

-- 
 [ signature omitted ] 

• Subject: Re: Default protocol for QSslSocket
• From: Mark Sawle <mark@xxxxxxxxxxxxxx>
• Date: Tue, 15 May 2007 10:10:10 +0100
• Delivered-to: qt4-preview-feedback@trolltech.com
• Dkim-signature: a=rsa-sha1; s=20060406; d=intellegit.com; i=mark@intellegit.com; h=DomainKey-Signature : Received : Date : From : To : Subject : Message-ID : In-Reply-To : References : Mail-Followup-To : X-Organization : User-Agent : MIME-Version : Content-Type; t=1179220212; x=1181812212; c=simple/simple; b=u4iwd+jvpO7ogScXBDbzmr1K/O5FTMI1tXNBoemPw8 l9i2VRbdaPQfByCFu50CpwI+0j+q83OVjG5REOqAvAKALQv7DnB/z97256Zv2MXF2AU0obI5LWo oyUJSjSKE8O1teq1AozjeBoiEK25eW9lfAedqIISHYbdEp6v32Dumo=
• Domainkey-signature: a=rsa-sha1; q=dns; c=simple; s=20060406; d=intellegit.com; b=LZCK5VNGgs33GngLPFeBX7R5SdSdIsrxUY9J9r6CGU2vHn9FkaEiVhV +GdXe+dBIc1rhNvcsGJbgPflZwXFexsQGaG+muw8XBezkI8H8NpI25jxZ/X1ix2vcdvn/BZLy8T hoJkASt//+zitg6QwwDjLeSTg139z3XMm1Zs2n3Y4=
• List-help: <mailto:qt4-preview-feedback-request@trolltech.com?subject=help>
• List-post: <mailto:qt4-preview-feedback@trolltech.com>
• List-subscribe: <mailto:qt4-preview-feedback-request@trolltech.com?subject=subscribe>
• List-unsubscribe: <mailto:qt4-preview-feedback-request@trolltech.com?subject=unsubscribe>
• Mail-followup-to: qt4-preview-feedback@xxxxxxxxxxxxx, Mark Sawle <mark@xxxxxxxxxxxxxx>
• Resent-from: qt4-preview-feedback@xxxxxxxxxxxxx
• Resent-message-id: <xEranC.A.3wD.ZlXSGB@esparsett>
• Resent-sender: qt4-preview-feedback-request@xxxxxxxxxxxxx
• To: qt4-preview-feedback@xxxxxxxxxxxxx

Andreas Aardal Hanssen <ahanssen@xxxxxxxxxxxxx> wrote:

> Mark Sawle wrote:
> > KDE 3.  In view of this, perhaps there's a case for changing the default
> > to QSslSocket::AnyProtocol.
> 
> If AnyProtocol didn't include SSLv2, I would concur. Unfortunately it
> does, however, so the most common protocol happens to be SSLv3. It's an
> unfortunate, but necessary, default value.

Fair enough. :)

-- 
 [ signature omitted ]