SSL namespace: Add enum to disable SSL session sharing

There is already an enum to disable SSL session tickets, which has been
used to disable session sharing for now. However, SSL session sharing
is not the same as SSL session tickets: Session sharing (resumption via
the session ID) is built into the SSL protocol, while session tickets are
a TLS extension (RFC 5077).

Change-Id: If76b99c94b346cfb00e47366e66098f6334fd9bc
Reviewed-by: Richard J. Moore <rich@kde.org>
Peter Hartmann 2013-04-22 10:36:04 +02:00 committed by The Qt Project
parent c5a3cfa488
commit 7df16fb4cc
4 changed files with 6 additions and 3 deletions


@ -161,6 +161,8 @@ QT_BEGIN_NAMESPACE
mechanism for renegotiating the connection parameters. When enabled, this
option can allow connections for legacy servers, but it introduces the
possibility that an attacker could inject plaintext into the SSL session.
\value SslOptionDisableSessionSharing Disables SSL session sharing via
the session ID handshake attribute.
By default, SslOptionDisableEmptyFragments is turned on since this causes
problems with a large number of servers. SslOptionDisableLegacyRenegotiation


@ -95,7 +95,8 @@ namespace QSsl {
SslOptionDisableSessionTickets = 0x02,
SslOptionDisableCompression = 0x04,
SslOptionDisableServerNameIndication = 0x08,
SslOptionDisableLegacyRenegotiation = 0x10
SslOptionDisableLegacyRenegotiation = 0x10,
SslOptionDisableSessionSharing = 0x20
};
Q_DECLARE_FLAGS(SslOptions, SslOption)
}


@ -1439,7 +1439,7 @@ void QSslSocketBackendPrivate::continueHandshake()
#endif
// Cache this SSL session inside the QSslContext
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionTickets)) {
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
if (!sslContextPointer->cacheSession(ssl))
sslContextPointer.clear(); // we could not cache the session
}
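Review bot: Applications that set SslOptionDisableSessionTickets to keep sessions out of the QSslContext cache silently get caching back with this guard, because `cacheSession(ssl)` is now skipped only when SslOptionDisableSessionSharing is set. The commit message says the tickets flag was the way to disable sharing until now, so existing callers need to be told to set the new flag. A changelog entry would cover that, together with a line in the enum documentation such as `SslOptionDisableSessionTickets no longer disables session ID based sharing; set SslOptionDisableSessionSharing for that.` How the tickets flag is applied to the OpenSSL context is not visible in this hunk, so it is worth confirming that it still has an effect of its own. continueHandshake() starts and ends outside this hunk.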


@ -5920,7 +5920,7 @@ void tst_QNetworkReply::sslSessionSharing()
warmupRequest.setAttribute(QNetworkRequest::User, sessionSharingEnabled); // so we can read it from the slot
if (! sessionSharingEnabled) {
QSslConfiguration configuration(QSslConfiguration::defaultConfiguration());
configuration.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
configuration.setSslOption(QSsl::SslOptionDisableSessionSharing, true);
warmupRequest.setSslConfiguration(configuration);
}
QNetworkReply *reply = manager.get(warmupRequest);
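Review bot: The disabled case now sets only SslOptionDisableSessionSharing, so nothing in this test shows that SslOptionDisableSessionTickets on its own leaves session sharing enabled, which is the distinction this commit introduces. A further case that sets only `QSsl::SslOptionDisableSessionTickets` and expects the session to be reused would pin that down, assuming the test server supports session ID resumption. sslSessionSharing() starts and ends outside this hunk.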