> Am 21.09.2016 um 20:01 schrieb Thiago Macieira <thiago.macie...@intel.com>:
>
>> On quarta-feira, 21 de setembro de 2016 19:52:45 PDT Jason H wrote:
>> I am on OSX 10.11.5. I've been using SSL successfully for a while, and I
>> fell into a habit of ignoring qt.network.ssl warnings: qt.network.ssl:
>> ...
>>
>> But it seems now TLS is no longer working at all. I can't do any work
>> because everything happens over SSL, specifically TLSv1_2.
>>
>> Does anyone know how I can fix (not hide) these issues?
>
> Option 1) upgrade OpenSSL
Just to add to this: using OpenSSL on OS X/macOS is highly discouraged by Apple
these days.
The stock version is some stoneage 0.9.8zf version, and recent Xcode/platform
SDKs don't even ship with OpenSSL headers:
https://forums.developer.apple.com/thread/3897
"Since the version of openssl shipping with El Capitan is 0.9.8zf, it's not
much use anyway since it doesn't include TLS 1.2."
and
"Sadly, it looks like we're not supposed to use it any more. As you say, it's
included in the 10.10 SDK, but is deliberately missing from the 10.11 SDK."
So you need to build your own OpenSSL library from its latest sources and
bundle it with your application. Taking the responsibility to update your
application each time a critical error is found in OpenSSL.
>
> Option 2) use the native backend (SecureTransport) for SSL, not OpenSSL.
> SecureTransport is the default in Qt 5.6.
On the other hand if you do as Thiago suggests (and I join in here), then the
OS vendor takes care of keeping a security relevant component up to date,
namely SecureTransport.
Cheers,
Oliver
_______________________________________________
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest
