Initially, QSsl in Qt 4.8.1 (released about 13 years ago) used only the maximum of TLS v1.0.
Today is 2022 and Tls v1.0 and v1.1 are being blocked by almost every decent site on the internet.
Qt in QSsl uses the open library openssl.
TLS v1.2 appears in openssl version 1.0.2.
Building the openssl 1.0.2 libraries is not a problem both dynamically and statically (ssleay32.dll/lib, libeay32.dll/lib).
But how to use them in Qt 4.8.1 so that the connection occurs via Tlsv1.2 is not a trivial task (at first glance).
What to do? You need to study the openssl source code to understand how Tls1.2 is called first.
And it turns out that everything is actually not difficult, since the openssl developers did not change the general logic of the sources. Just in the right place in the qsslsocket_openssl.cpp file, you need to create a context for connecting through the appropriate function variant:
- switch (configuration.protocol) {
- case QSsl::SslV2:
- #ifndef OPENSSL_NO_SSL2
- ctx = SSL_CTX_new(client ? SSLv2_client_method() : SSLv2_server_method());
- #else
- ctx = 0; // SSL 2 not supported by the system, but chosen deliberately -> error
- #endif
- break;
- case QSsl::SslV3:
- #ifndef OPENSSL_NO_SSL3 //++
- ctx = SSL_CTX_new(client ? SSLv3_client_method() : SSLv3_server_method());
- #else
- ctx = 0; // SSL 3 not supported by the system, but chosen deliberately -> error
- #endif
- break;
- case QSsl::SecureProtocols: // SslV2 will be disabled below
- case QSsl::TlsV1SslV3: // SslV2 will be disabled below
- case QSsl::AnyProtocol:
- default:
- //--ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
- //--ctx = SSL_CTX_new(client ? SSLv23_client_method() : SSLv23_server_method());
- ctx = SSL_CTX_new(client ? TLSv1_2_client_method() : TLSv1_2_server_method());
- break; //++
- case QSsl::TlsV1:
- ctx = SSL_CTX_new(client ? TLSv1_client_method() : TLSv1_server_method());
- break;
- }
In general, and all that is needed.
