qt: Force TLS1.0+ for SSL connections

Github-Pull: #6384 Rebased-From: 15e26a6a9afe299b9ca6fced73b876644365879b
author: Wladimir J. van der Laan <laanwj@gmail.com> 2015-07-06 20:06:16 +0200
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2015-07-24 07:54:58 +0200
commit: 8e5a96908a91131c35fcb119fce8831ec80c61c1 (patch)
tree: 9cb03ff227b8a685b978cdcec9e3105b0c1a531f
parent: e8b87c8f78fd66ebeb10ce5dfcf72b0a5e73f120 (diff)
download: bitcoin-8e5a96908a91131c35fcb119fce8831ec80c61c1.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/qt/bitcoin.cpp b/src/qt/bitcoin.cpp
index ee5cbc2ba8..ec02c4be9f 100644
--- a/src/qt/bitcoin.cpp
+++ b/src/qt/bitcoin.cpp
@@ -48,6 +48,7 @@
 #include <QThread>
 #include <QTimer>
 #include <QTranslator>
+#include <QSslConfiguration>
 
 #if defined(QT_STATICPLUGIN)
 #include <QtPlugin>
@@ -515,6 +516,13 @@ int main(int argc, char *argv[])
 #ifdef Q_OS_MAC
     QApplication::setAttribute(Qt::AA_DontShowIconsInMenus);
 #endif
+#if QT_VERSION >= 0x050500
+    // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/),
+    // so set SSL protocols to TLS1.0+.
+    QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration();
+    sslconf.setProtocol(QSsl::TlsV1_0OrLater);
+    QSslConfiguration::setDefaultConfiguration(sslconf);
+#endif
 
     // Register meta types used for QMetaObject::invokeMethod
     qRegisterMetaType< bool* >();
author	Wladimir J. van der Laan <laanwj@gmail.com>	2015-07-06 20:06:16 +0200
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2015-07-24 07:54:58 +0200
commit	8e5a96908a91131c35fcb119fce8831ec80c61c1 (patch)
tree	9cb03ff227b8a685b978cdcec9e3105b0c1a531f
parent	e8b87c8f78fd66ebeb10ce5dfcf72b0a5e73f120 (diff)
download	bitcoin-8e5a96908a91131c35fcb119fce8831ec80c61c1.tar.xz