On Sun, Dec 28, 2014 at 2:26 PM, Thiago Macieira <thiago.macie...@intel.com> wrote: > On Sunday 28 December 2014 13:11:13 Richard Moore wrote: >> At the moment there are still a lot of SSL accelerators out there with >> these problems. We can probably stop worrying in around a year once all the >> browsers have got around to disabling SSL3 and thereby forcing things to be >> fixed. Currently we will already fail to connect to these servers, but the >> API we provide allows users to implement workarounds in their own code. If >> we change the meaning of the TLSv1 constant in this way then it would no >> longer be possible for them to do this. > > Ah, I see. > > Then we just add to the list: > > TlsV1_0OrLater, > TlsV1_1OrLater, > TlsV1_2OrLater > > When TLS 1.3 comes into existence, we add: > > TlsV1_3, > TlsV1_3OrLater
We'd be fine with either of these proposals. However, I think this proposal would be less surprising to existing users of QSslSocket, so it's the one I'd prefer personally. > Alternatively, we can add a > > /// if major == 0, sets to "Secure Protocols" > void setMinimumTlsVersion(int major, int minor); > int sessionTlsMajorVersion() const; > int sessionTlsMinorVersion() const; > > And deprecate setProtocol. > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel Open Source Technology Center > > _______________________________________________ > Development mailing list > Development@qt-project.org > http://lists.qt-project.org/mailman/listinfo/development _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
