On 28 December 2014 at 13:26, Thiago Macieira <[email protected]> wrote:
> On Sunday 28 December 2014 13:11:13 Richard Moore wrote: > > At the moment there are still a lot of SSL accelerators out there with > > these problems. We can probably stop worrying in around a year once all > the > > browsers have got around to disabling SSL3 and thereby forcing things to > be > > fixed. Currently we will already fail to connect to these servers, but > the > > API we provide allows users to implement workarounds in their own code. > If > > we change the meaning of the TLSv1 constant in this way then it would no > > longer be possible for them to do this. > > Ah, I see. > > Then we just add to the list: > > TlsV1_0OrLater, > TlsV1_1OrLater, > TlsV1_2OrLater > > When TLS 1.3 comes into existence, we add: > > TlsV1_3, > TlsV1_3OrLater > > I think this is probably the way to go. It's certainly the easiest to implement with the openssl backend. > Alternatively, we can add a > > /// if major == 0, sets to "Secure Protocols" > void setMinimumTlsVersion(int major, int minor); > int sessionTlsMajorVersion() const; > int sessionTlsMinorVersion() const; > > And deprecate setProtocol. > I'd also be okay with this, Cheers Rich.
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
