On Dienstag, 21. Oktober 2014 21:24:33 CEST, Dawit A wrote:
I think this whole problem came about as a result of a misunderstanding? [...] So the protocol string in the cipher is merely a historical information as to when that cipher was first defined and not meant to convey the current connection's protocol!
Fits, since no new ciphers were introduced w/ TLSv1.1
It's however a bit "nasty", since it's not stated explicitly and apparently there's no way to tell the used protocol then (QSslSocket is on "7" which is "QSsl::SecureProtocols", the default)
What this means for the example case of blog.mozilla.org is that a valid TLSv1.1 connection was established using a cipher that was first defined under SSL/TLS protocol SSLv3.
Yes, I can confirm that the test app connects blog.mozilla.com via TLSv1.1 here. (Good reason to check whether one can dump wireshark-gtk for everyday usage: yes, one can ;-) Cheers, Thomas
