On 26 December 2014 at 21:12, Thiago Macieira <thiago.macie...@intel.com> wrote:

> I don't think we need fine-grained detection, but we do need something
> better than what we have right now.
>
> My suggestion is to set a level. For example, if you set to TlsV10, then
> you get TLS v1.0 and anything newer, existing today or not, and disable
> anything older. The client will negotiate the highest version at
> connection time. The only reason to disable newer versions is when the
> server is buggy, but the application should not have to care about that.
> That's OpenSSL's job.
Hmm, if you set TLS 1.0 you really need to only negotiate TLS 1.0. If not,
then if you're connecting to old servers, the TLS extensions will lead the
connection to hang. Perhaps what we want is a minimum and maximum version
(though this doesn't map very well to the underlying OpenSSL API).

Cheers

Rich.
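
The two proposals in this thread, a minimum "level" versus a pinned minimum/maximum range, sketched as an added example that is not part of the original message and is neither Qt nor OpenSSL code. The enum, the function names and the bit layout are hypothetical; the mask only models the style of OpenSSL's per-version SSL_OP_NO_* options, where each version is switched off individually.

```cpp
#include <cstdint>
#include <stdexcept>

// Hypothetical names for illustration; not Qt's or OpenSSL's identifiers.
enum class TlsVersion : int { Ssl3 = 0, Tls10 = 1, Tls11 = 2, Tls12 = 3 };
constexpr int kVersionCount = 4;

// Translate an inclusive [min, max] range into a disable mask with one bit
// per protocol version; a set bit means "do not offer this version".
// A "level" is the range [min, newest]; a pin is the range [v, v].
std::uint32_t disableMaskForRange(TlsVersion min, TlsVersion max) {
    const int lo = static_cast<int>(min);
    const int hi = static_cast<int>(max);
    if (lo > hi)
        throw std::invalid_argument("minimum version is above maximum version");
    std::uint32_t mask = 0;
    for (int i = 0; i < kVersionCount; ++i) {
        if (i < lo || i > hi)
            mask |= 1u << i;   // outside the range: disable it explicitly
    }
    return mask;
}

// Highest version that neither side has disabled, or -1 when the two
// ranges do not overlap and the handshake cannot succeed.
int negotiate(std::uint32_t clientDisabled, std::uint32_t serverDisabled) {
    for (int i = kVersionCount - 1; i >= 0; --i) {
        const std::uint32_t bit = 1u << i;
        if (!(clientDisabled & bit) && !(serverDisabled & bit))
            return i;
    }
    return -1;
}
```

With a level of TLS 1.0 the client still offers and negotiates the newest version, while the pinned range offers TLS 1.0 only, which is the behaviour asked for when talking to old servers.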
_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development