1
0
forked from pool/libqt5-qtbase
libqt5-qtbase/0001-Fix-exclusion-of-anonymous-ciphers.patch
Dominique Leuenberger 0a13522eeb Accepting request 358747 from KDE:Qt5
- Added 0001-Fix-exclusion-of-anonymous-ciphers.patch from upstream
  to disable exp-adh and aecdh ciphers.
- Added disable-rc4-ciphers-bnc865241.diff to disable RC4 based ciphers
  which are now considered insecure (bnc#865241)

- Added Add-option-to-disable-session-management-by-closing-windows.patch
  API adition to QSessionManager as first step in resolving
  kde#354724 and boo#955280

- Update to 5.5.1 (boo#954149)

OBS-URL: https://build.opensuse.org/request/show/358747
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtbase?expand=0&rev=50
2016-02-17 09:29:56 +00:00

36 lines
1.7 KiB
Diff

From 479e84dcbd0d7f1333105c495d7931f1bef3e63b Mon Sep 17 00:00:00 2001
From: "Richard J. Moore" <rich@kde.org>
Date: Sat, 18 Apr 2015 12:44:30 +0100
Subject: [PATCH] Fix exclusion of anonymous ciphers.
Qt attempted to exclude anonymous ciphers since they offer no MITM
protection, but missed export ADH ciphers and AECDH from the exclude
list.
Change-Id: Icdfa9b31643a0e9927010885c7c1d02c42460d79
Reviewed-by: Peter Hartmann <peter-qt@hartmann.tk>
---
src/network/ssl/qsslsocket_openssl.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 55762c9..00e13e4 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -662,8 +662,10 @@ void QSslSocketPrivate::resetDefaultCiphers()
if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
if (!ciph.isNull()) {
- // Unconditionally exclude ADH ciphers since they offer no MITM protection
- if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
+ // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
+ if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
+ !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
+ !ciph.name().toLower().startsWith(QLatin1String("aecdh")))
ciphers << ciph;
if (ciph.usedBits() >= 128)
defaultCiphers << ciph;
--
2.6.2