forked from pool/libqt5-qtbase
0a13522eeb
- Added 0001-Fix-exclusion-of-anonymous-ciphers.patch from upstream to disable exp-adh and aecdh ciphers. - Added disable-rc4-ciphers-bnc865241.diff to disable RC4 based ciphers which are now considered insecure (bnc#865241) - Added Add-option-to-disable-session-management-by-closing-windows.patch API adition to QSessionManager as first step in resolving kde#354724 and boo#955280 - Update to 5.5.1 (boo#954149) OBS-URL: https://build.opensuse.org/request/show/358747 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=50
36 lines
1.7 KiB
Diff
36 lines
1.7 KiB
Diff
From 479e84dcbd0d7f1333105c495d7931f1bef3e63b Mon Sep 17 00:00:00 2001
|
|
From: "Richard J. Moore" <rich@kde.org>
|
|
Date: Sat, 18 Apr 2015 12:44:30 +0100
|
|
Subject: [PATCH] Fix exclusion of anonymous ciphers.
|
|
|
|
Qt attempted to exclude anonymous ciphers since they offer no MITM
|
|
protection, but missed export ADH ciphers and AECDH from the exclude
|
|
list.
|
|
|
|
Change-Id: Icdfa9b31643a0e9927010885c7c1d02c42460d79
|
|
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
|
|
---
|
|
src/network/ssl/qsslsocket_openssl.cpp | 6 ++++--
|
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
|
|
index 55762c9..00e13e4 100644
|
|
--- a/src/network/ssl/qsslsocket_openssl.cpp
|
|
+++ b/src/network/ssl/qsslsocket_openssl.cpp
|
|
@@ -662,8 +662,10 @@ void QSslSocketPrivate::resetDefaultCiphers()
|
|
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
|
|
QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
|
|
if (!ciph.isNull()) {
|
|
- // Unconditionally exclude ADH ciphers since they offer no MITM protection
|
|
- if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
|
|
+ // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
|
|
+ if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
|
|
+ !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
|
|
+ !ciph.name().toLower().startsWith(QLatin1String("aecdh")))
|
|
ciphers << ciph;
|
|
if (ciph.usedBits() >= 128)
|
|
defaultCiphers << ciph;
|
|
--
|
|
2.6.2
|
|
|