I've opened a code review for adding TlsV1_0OrLater and friends at: https://codereview.qt-project.org/#/c/106080/
We obviously haven't reached agreement on the actual API for this, but as I said, we're pretty happy with the 'OrLater' variant, which the patchset implements. Hopefully, the patchset gives a better overview of the changes involved. Rudimentary (as much as possible) support for WinRT is available in the patchset. SecureTransport should be easy to add, since it uses a (min, max) protocol range... On Fri, Jan 16, 2015 at 3:16 PM, Mikkel Krautz <[email protected]> wrote: > On Sun, Dec 28, 2014 at 2:26 PM, Thiago Macieira > <[email protected]> wrote: >> On Sunday 28 December 2014 13:11:13 Richard Moore wrote: >>> At the moment there are still a lot of SSL accelerators out there with >>> these problems. We can probably stop worrying in around a year once all the >>> browsers have got around to disabling SSL3 and thereby forcing things to be >>> fixed. Currently we will already fail to connect to these servers, but the >>> API we provide allows users to implement workarounds in their own code. If >>> we change the meaning of the TLSv1 constant in this way then it would no >>> longer be possible for them to do this. >> >> Ah, I see. >> >> Then we just add to the list: >> >> TlsV1_0OrLater, >> TlsV1_1OrLater, >> TlsV1_2OrLater >> >> When TLS 1.3 comes into existence, we add: >> >> TlsV1_3, >> TlsV1_3OrLater > > We'd be fine with either of these proposals. > > However, I think this proposal would be less surprising to existing > users of QSslSocket, so it's the one I'd prefer personally. > >> Alternatively, we can add a >> >> /// if major == 0, sets to "Secure Protocols" >> void setMinimumTlsVersion(int major, int minor); >> int sessionTlsMajorVersion() const; >> int sessionTlsMinorVersion() const; >> >> And deprecate setProtocol. >> -- >> Thiago Macieira - thiago.macieira (AT) intel.com >> Software Architect - Intel Open Source Technology Center >> >> _______________________________________________ >> Development mailing list >> [email protected] >> http://lists.qt-project.org/mailman/listinfo/development _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
