diff options
| author | Tim Ruffing <crypto@timruffing.de> | 2018-10-05 10:24:52 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2018-11-06 09:03:28 +0100 |
| commit | 0242b5afa4ebb381d3a59a7246348a50d3a7fdbe (patch) | |
| tree | 4d30b2b8cb933ed122b3c0eb5f37e51d7ad1e207 /src/qt | |
| parent | 9e87d82e7f0696a40d08c6e4cff3f040a447ece5 (diff) | |
qt: Revert "Force TLS1.0+ for SSL connections"
This reverts commit 15e26a6a9afe299b9ca6fced73b876644365879b, whose
purpose was to tweak the Qt configuration to force TLS, i.e., to
disable SSLv3, in Qt versions >= 5.5. However, the default behavior
of Qt >= 5.4 is to disable SSLv3 anyway [1], so the configuration
tweak is redundant.
With Qt 5.11.2, the configuration tweak is not only redundant but in
fact provokes a deadlock (#14359) due to Qt 5.11.2 being incompatible
with OpenSSL 1.1.1 [2]. Since the deadlock occurs at the early startup
stage of bitcoin-qt, it renders bitcoin-qt entirely non-functional
when compiled against OpenSSL 1.1.1 and Qt 5.11.2 (and possible future
combinations of OpenSSL and Qt versions).
This commit fixes #14359 by removing the redundant code.
[1] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3fd2d9eff8c1f948306ee5fbfe364ccded1c4b84
[2] https://bugreports.qt.io/browse/QTBUG-70956
Github-Pull: #14403
Rebased-From: 7d173c4cd1885ff5bcf9e5f8f7f712138dd8a445
Tree-SHA512: 71a34b13202c834c5ca73bcb9b70efff26c34e1aac3b954f098620b62c2be53a8e319929c4764a5b5cc5d0dd163ff70f4eb3a4f1f608363b7d23d1b16b25ddc7
Diffstat (limited to 'src/qt')
| -rw-r--r-- | src/qt/bitcoin.cpp | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/qt/bitcoin.cpp b/src/qt/bitcoin.cpp index d3ec67e441..edb6e9bc81 100644 --- a/src/qt/bitcoin.cpp +++ b/src/qt/bitcoin.cpp @@ -50,7 +50,6 @@ #include <QThread> #include <QTimer> #include <QTranslator> -#include <QSslConfiguration> #if defined(QT_STATICPLUGIN) #include <QtPlugin> @@ -576,13 +575,6 @@ int main(int argc, char *argv[]) #ifdef Q_OS_MAC QApplication::setAttribute(Qt::AA_DontShowIconsInMenus); #endif -#if QT_VERSION >= 0x050500 - // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/), - // so set SSL protocols to TLS1.0+. - QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration(); - sslconf.setProtocol(QSsl::TlsV1_0OrLater); - QSslConfiguration::setDefaultConfiguration(sslconf); -#endif // Register meta types used for QMetaObject::invokeMethod qRegisterMetaType< bool* >(); |