Browse Source

[WebUI]: exclude insecure ciphers

adaptive-webui-19844
Chocobo1 8 years ago committed by sledgehammer999
parent
commit
f9c39e3dac
No known key found for this signature in database
GPG Key ID: 6E4A2D025B7CC9A2
  1. 26
      src/base/http/server.cpp
  2. 3
      src/base/http/server.h

26
src/base/http/server.cpp

@ -47,6 +47,9 @@ Server::Server(IRequestHandler *requestHandler, QObject *parent) @@ -47,6 +47,9 @@ Server::Server(IRequestHandler *requestHandler, QObject *parent)
#endif
{
setProxy(QNetworkProxy::NoProxy);
#ifndef QT_NO_OPENSSL
QSslSocket::setDefaultCiphers(safeCipherList());
#endif
}
Server::~Server()
@ -103,3 +106,26 @@ void Server::incomingConnection(int socketDescriptor) @@ -103,3 +106,26 @@ void Server::incomingConnection(int socketDescriptor)
serverSocket->deleteLater();
}
}
#ifndef QT_NO_OPENSSL
QList<QSslCipher> Server::safeCipherList() const
{
const QStringList badCiphers = {"idea", "rc4"};
const QList<QSslCipher> allCiphers = QSslSocket::supportedCiphers();
QList<QSslCipher> safeCiphers;
foreach (const QSslCipher &cipher, allCiphers) {
bool isSafe = true;
foreach (const QString &badCipher, badCiphers) {
if (cipher.name().contains(badCipher, Qt::CaseInsensitive)) {
isSafe = false;
break;
}
}
if (isSafe)
safeCiphers += cipher;
}
return safeCiphers;
}
#endif

3
src/base/http/server.h

@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@
#include <QTcpServer>
#ifndef QT_NO_OPENSSL
#include <QSslCertificate>
#include <QSslCipher>
#include <QSslKey>
#endif
@ -68,6 +69,8 @@ namespace Http @@ -68,6 +69,8 @@ namespace Http
#endif
#ifndef QT_NO_OPENSSL
QList<QSslCipher> safeCipherList() const;
bool m_https;
QList<QSslCertificate> m_certificates;
QSslKey m_key;

Loading…
Cancel
Save