By default, SslOptionDisableEmptyFragments is turned on since this causes
problems with a large number of servers. SslOptionDisableLegacyRenegotiation
- is also turned on, since it introduces a security risk. The other options
- are turned off.
+ is also turned on, since it introduces a security risk.
+ SslOptionDisableCompression is turned on to prevent the attack publicised by
+ CRIME. The other options are turned off.
Note: Availability of above options depends on the version of the SSL
backend in use.
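Review bot: The added sentence says SslOptionDisableCompression is on "to prevent" CRIME, but the note directly below says availability depends on the SSL backend version, so a reader cannot tell whether the default protects them on an older backend. If the option is ignored where the backend cannot switch TLS compression off, the text should say so, for example `On backends that cannot disable TLS compression this option has no effect and compression may still be negotiated.` Separately, `since it introduces a security risk` reads as if the option itself were the risk; `since legacy renegotiation introduces a security risk` is unambiguous. The enclosing documentation comment starts and ends outside the hunk.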
d->privateKey.isNull() &&
d->peerCertificate.isNull() &&
d->peerCertificateChain.count() == 0 &&
- d->sslOptions == (QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation));
+ d->sslOptions == ( QSsl::SslOptionDisableEmptyFragments
+ |QSsl::SslOptionDisableLegacyRenegotiation
+ |QSsl::SslOptionDisableCompression));
}
/*!
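Review bot: The default option mask is now written out in full twice, in this comparison and again in the `sslOptions(...)` initializer in the next hunk, and the null check is only correct while the two copies match flag for flag. If a later change to the secure defaults updates one copy and not the other, a default-constructed configuration would silently stop comparing equal here. A single named constant shared by both sites would remove that risk, e.g. a `static const QSsl::SslOptions defaultSslOptions;` on the private class, with the check reduced to `d->sslOptions == defaultSslOptions`. The function this comparison belongs to begins outside the hunk.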
: protocol(QSsl::SecureProtocols),
peerVerifyMode(QSslSocket::AutoVerifyPeer),
peerVerifyDepth(0),
- sslOptions(QSsl::SslOptionDisableEmptyFragments|QSsl::SslOptionDisableLegacyRenegotiation)
+ sslOptions(QSsl::SslOptionDisableEmptyFragments
+ |QSsl::SslOptionDisableLegacyRenegotiation
+ |QSsl::SslOptionDisableCompression)
{ }
QSslCertificate peerCertificate;