Don't include by default ciphers that are not supported

There could be cases (mostly when compiled on old systems, since modern openssl versions don't include such insecure ciphers) in which defaultCiphers included a cipher that wasn't in the supported ciphers list. With this patch we make sure that defaultCiphers is a subset of supportedCiphers Change-Id: I545ea21f5fd3a6ed13b366cdd56a1393233f9fc9 Reviewed-by: Richard J. Moore <rich@kde.org>

Don't include by default ciphers that are not supported
There could be cases (mostly when compiled on old systems, since modern openssl versions don't include such insecure ciphers) in which defaultCiphers included a cipher that wasn't in the supported ciphers list. With this patch we make sure that defaultCiphers is a subset of supportedCiphers Change-Id: I545ea21f5fd3a6ed13b366cdd56a1393233f9fc9 Reviewed-by: Richard J. Moore <rich@kde.org>
063ad1c8 · Antonio Larrosa · Richard J. Moore · 5fe0e41e · 063ad1c8
Commit 063ad1c8 authored 9 years ago by Antonio Larrosa Committed by Richard J. Moore 9 years ago
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -643,10 +643,12 @@ void QSslSocketPrivate::resetDefaultCiphers()
                // Unconditionally exclude ADH and AECDH ciphers since they offer no MITM protection
                if (!ciph.name().toLower().startsWith(QLatin1String("adh")) &&
                    !ciph.name().toLower().startsWith(QLatin1String("exp-adh")) &&
-                    !ciph.name().toLower().startsWith(QLatin1String("aecdh")))
+                    !ciph.name().toLower().startsWith(QLatin1String("aecdh"))) {
                    ciphers << ciph;
-                if (ciph.usedBits() >= 128)
-                    defaultCiphers << ciph;
+                    if (ciph.usedBits() >= 128)
+                        defaultCiphers << ciph;
+                }
            }
        }
    }