SSL namespace: Add enum to disable SSL session sharing
There is already an enum to disable SSL session tickets, which has been used to disable session sharing for now. However, SSL session sharing is not the same as SSL session tickets: Session sharing is built into the SSL protocol, while session tickets are a TLS extension (RFC 5077). Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc Reviewed-by: Richard J. Moore <rich@kde.org>
parent
c5a3cfa488
commit
7df16fb4cc
@ -161,6 +161,8 @@ QT_BEGIN_NAMESPACE
|
||||
mechanism for renegotiating the connection parameters. When enabled, this
|
||||
option can allow connections for legacy servers, but it introduces the
|
||||
possibility that an attacker could inject plaintext into the SSL session.
|
||||
\value SslOptionDisableSessionSharing Disables SSL session sharing via
|
||||
the session ID handshake attribute.
|
||||
|
||||
By default, SslOptionDisableEmptyFragments is turned on since this causes
|
||||
problems with a large number of servers. SslOptionDisableLegacyRenegotiation
|
||||
|
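Review bot: The new `\value SslOptionDisableSessionSharing` entry does not say how it relates to `SslOptionDisableSessionTickets`, so a reader who wants session resumption off entirely cannot tell that the two mechanisms are now controlled separately. I would extend the entry along the lines of `Disables SSL session sharing via the session ID handshake attribute; session tickets (RFC 5077) are controlled separately by SslOptionDisableSessionTickets.` The defaults paragraph that follows is cut off at the end of the hunk, so it is not visible whether it states the default for the new option; if it does not, it should.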
@ -95,7 +95,8 @@ namespace QSsl {
|
||||
SslOptionDisableSessionTickets = 0x02,
|
||||
SslOptionDisableCompression = 0x04,
|
||||
SslOptionDisableServerNameIndication = 0x08,
|
||||
SslOptionDisableLegacyRenegotiation = 0x10
|
||||
SslOptionDisableLegacyRenegotiation = 0x10,
|
||||
SslOptionDisableSessionSharing = 0x20
|
||||
};
|
||||
Q_DECLARE_FLAGS(SslOptions, SslOption)
|
||||
}
|
||||
|
@ -1439,7 +1439,7 @@ void QSslSocketBackendPrivate::continueHandshake()
|
||||
#endif
|
||||
|
||||
// Cache this SSL session inside the QSslContext
|
||||
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
|
||||
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
|
||||
if (!sslContextPointer->cacheSession(ssl))
|
||||
sslContextPointer.clear(); // we could not cache the session
|
||||
}
|
||||
|
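Review bot: Changing the guard in `continueHandshake()` from `SslOptionDisableSessionTickets` to `SslOptionDisableSessionSharing` silently turns session caching back on for callers that set only the tickets flag to stop sessions being reused, which the commit message describes as the existing practice. Such applications would have their sessions stored in the QSslContext again without any change on their side. If that is intended, it should be called out in the changelog and in a comment above the check, for example `// Only SslOptionDisableSessionSharing prevents caching; session tickets are handled separately`. The function starts and ends outside this hunk, so whether the tickets flag is still enforced elsewhere cannot be confirmed from here.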
@ -5920,7 +5920,7 @@ void tst_QNetworkReply::sslSessionSharing()
|
||||
warmupRequest.setAttribute(QNetworkRequest::User, sessionSharingEnabled); // so we can read it from the slot
|
||||
if (! sessionSharingEnabled) {
|
||||
QSslConfiguration configuration(QSslConfiguration::defaultConfiguration());
|
||||
configuration.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
|
||||
configuration.setSslOption(QSsl::SslOptionDisableSessionSharing, true);
|
||||
warmupRequest.setSslConfiguration(configuration);
|
||||
}
|
||||
QNetworkReply *reply = manager.get(warmupRequest);
|
||||
|
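Review bot: The disabled branch of `sslSessionSharing()` now sets only `SslOptionDisableSessionSharing`, so the test no longer exercises `SslOptionDisableSessionTickets` at all and the separation of the two options is not pinned by any assertion visible here. A case that sets only `SslOptionDisableSessionTickets` and states the expected session-ID sharing outcome would document the new semantics and catch a later regression in either direction. The test body continues outside the hunk, so such a case may already exist elsewhere.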