d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-01-25 22:14:32 +00:00
Code Issues Projects Releases Wiki Activity

[WebUI]: exclude insecure ciphers

Browse Source
This commit is contained in:
Chocobo1 2017-02-05 15:00:58 +08:00 committed by sledgehammer999
parent 84bc011df5
commit f9c39e3dac
No known key found for this signature in database
GPG Key ID: 6E4A2D025B7CC9A2
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/base/http/server.cpp
View File

@ -47,6 +47,9 @@ Server::Server(IRequestHandler *requestHandler, QObject *parent)
#endif #endif
{ {
setProxy(QNetworkProxy::NoProxy); setProxy(QNetworkProxy::NoProxy);
#ifndef QT_NO_OPENSSL
QSslSocket::setDefaultCiphers(safeCipherList());
#endif
} }
Server::~Server() Server::~Server()
@ -103,3 +106,26 @@ void Server::incomingConnection(int socketDescriptor)
serverSocket->deleteLater(); serverSocket->deleteLater();
} }
} }
#ifndef QT_NO_OPENSSL
QList<QSslCipher> Server::safeCipherList() const
{
const QStringList badCiphers = {"idea", "rc4"};
const QList<QSslCipher> allCiphers = QSslSocket::supportedCiphers();
QList<QSslCipher> safeCiphers;
foreach (const QSslCipher &cipher, allCiphers) {
bool isSafe = true;
foreach (const QString &badCipher, badCiphers) {
if (cipher.name().contains(badCipher, Qt::CaseInsensitive)) {
isSafe = false;
break;
}
}
if (isSafe)
safeCiphers += cipher;
}
return safeCiphers;
}
#endif

3
src/base/http/server.h
View File

@ -36,6 +36,7 @@
#include <QTcpServer> #include <QTcpServer>
#ifndef QT_NO_OPENSSL #ifndef QT_NO_OPENSSL
#include <QSslCertificate> #include <QSslCertificate>
#include <QSslCipher>
#include <QSslKey> #include <QSslKey>
#endif #endif
@ -68,6 +69,8 @@ namespace Http
#endif #endif
#ifndef QT_NO_OPENSSL #ifndef QT_NO_OPENSSL
QList<QSslCipher> safeCipherList() const;
bool m_https; bool m_https;
QList<QSslCertificate> m_certificates; QList<QSslCertificate> m_certificates;
QSslKey m_key; QSslKey m_key;