Merge pull request #6384

15e26a6 qt: Force TLS1.0+ for SSL connections (Wladimir J. van der Laan)
10 years ago · 708037fcc7
1 changed files with 8 additions and 0 deletions
--- a/src/qt/bitcoin.cpp
+++ b/src/qt/bitcoin.cpp
@ -48,6 +48,7 @@
				@@ -48,6 +48,7 @@
 #include <QThread>
 #include <QTimer>
 #include <QTranslator>
+#include <QSslConfiguration>

 #if defined(QT_STATICPLUGIN)
 #include <QtPlugin>
@ -515,6 +516,13 @@ int main(int argc, char *argv[])
				@@ -515,6 +516,13 @@ int main(int argc, char *argv[])
 #ifdef Q_OS_MAC
    QApplication::setAttribute(Qt::AA_DontShowIconsInMenus);
 #endif
+#if QT_VERSION >= 0x050500
+    // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/),
+    // so set SSL protocols to TLS1.0+.
+    QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration();
+    sslconf.setProtocol(QSsl::TlsV1_0OrLater);
+    QSslConfiguration::setDefaultConfiguration(sslconf);
+#endif

    // Register meta types used for QMetaObject::invokeMethod
    qRegisterMetaType< bool* >();