On Sunday 19 October 2014 18:14:36 Thomas Lübking wrote: > On Sonntag, 19. Oktober 2014 16:35:35 CEST, Dawit A wrote: > > protocolString: SSLv3 > > ... > > However if one uses openssl directly, the following information is > > returned: > > > > $ openssl s_client -connect blog.mozilla.org:443 > > > > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA > > ... > > So the negotiated protocol when using openSSL directly is returned as > > TLSv1.1 where as QSslCipher almost always returns SSLv3. My question is > > why > > the negotiated protocol in QSslCipher is different from the one we get > > through openssl directly? > > I get SSLv3 from blog.mozilla.org, but TLSv1.2 from mail.google.com. > > Checking "qDebug() << QSslSocket::defaultCiphers();", > "QSslCipher(name=ECDHE-RSA-AES256-GCM-SHA384, bits=256, proto=TLSv1.2)" is > top of the list here and most SSLv3 variants on the very bottom. > > --> THERE IS NO TLSv1.1 IN THAT LIST, NOR IN "::supportedCiphers()" > > However, I don't know why QSslSocket doesn't provide TLSv1.1 (here)
This is looking like a Qt bug instead. Can you investigate QSslSocket instead? -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358