diff options
| author | Richard J. Moore <[email protected]> | 2015-04-18 12:44:30 +0100 |
|---|---|---|
| committer | Richard J. Moore <[email protected]> | 2015-04-25 12:11:05 +0000 |
| commit | 479e84dcbd0d7f1333105c495d7931f1bef3e63b (patch) | |
| tree | 320a25063261bd788532d1a4b93478c6a66984f0 /src | |
| parent | 00f0a4119c2eeec2c2bee1bfbde7b8653d7b7aa9 (diff) | |
Fix exclusion of anonymous ciphers.
Qt attempted to exclude anonymous ciphers since they offer no MITM
protection, but missed export ADH ciphers and AECDH from the exclude
list.
Change-Id: Icdfa9b31643a0e9927010885c7c1d02c42460d79
Reviewed-by: Peter Hartmann <[email protected]>
Diffstat (limited to 'src')
| -rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index 55762c94c75..00e13e449b9 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -662,8 +662,10 @@ void QSslSocketPrivate::resetDefaultCiphers() if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) { QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher); if (!ciph.isNull()) { - // Unconditionally exclude ADH ciphers since they offer no MITM protection - if (!ciph.name().toLower().startsWith(QLatin1String("adh"))) + // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection + if (!ciph.name().toLower().startsWith(QLatin1String("adh")) && + !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) && + !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) ciphers << ciph; if (ciph.usedBits() >= 128) defaultCiphers << ciph; |