libqt5-qtbase/disable-rc4-ciphers-bnc865241.diff

Index: qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp
===================================================================
--- qtbase-opensource-src-5.5.1.orig/src/network/ssl/qsslsocket_openssl.cpp
+++ qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp
@@ -662,10 +662,13 @@ void QSslSocketPrivate::resetDefaultCiph
                 // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
                 if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
                     !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
-                    !ciph.name().toLower().startsWith(QLatin1String("aecdh")))
+                    !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) {
                     ciphers << ciph;
-                if (ciph.usedBits() >= 128)
-                    defaultCiphers << ciph;
+
+                    if (ciph.usedBits() >= 128 &&
+                        !ciph.encryptionMethod().toLower().startsWith(QLatin1String("rc4")))
+                        defaultCiphers << ciph;
+                }
             }
         }
     }
Accepting request 358747 from KDE:Qt5 - Added 0001-Fix-exclusion-of-anonymous-ciphers.patch from upstream to disable exp-adh and aecdh ciphers. - Added disable-rc4-ciphers-bnc865241.diff to disable RC4 based ciphers which are now considered insecure (bnc#865241) - Added Add-option-to-disable-session-management-by-closing-windows.patch API adition to QSessionManager as first step in resolving kde#354724 and boo#955280 - Update to 5.5.1 (boo#954149) OBS-URL: https://build.opensuse.org/request/show/358747 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=50 2016-02-17 10:29:56 +01:00			`Index: qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp`
			`===================================================================`
			`--- qtbase-opensource-src-5.5.1.orig/src/network/ssl/qsslsocket_openssl.cpp`
			`+++ qtbase-opensource-src-5.5.1/src/network/ssl/qsslsocket_openssl.cpp`
			`@@ -662,10 +662,13 @@ void QSslSocketPrivate::resetDefaultCiph`
			`// Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection`
			`if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&`
			`!ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&`
			`- !ciph.name().toLower().startsWith(QLatin1String("aecdh")))`
			`+ !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) {`
			`ciphers << ciph;`
			`- if (ciph.usedBits() >= 128)`
			`- defaultCiphers << ciph;`
			`+`
			`+ if (ciph.usedBits() >= 128 &&`
			`+ !ciph.encryptionMethod().toLower().startsWith(QLatin1String("rc4")))`
			`+ defaultCiphers << ciph;`
			`+ }`
			`}`
			`}`
			`}`