Add option to completely disable SSLv3

Enabled by default. See #1493
11 years ago · a640948c3b
parent b1c12998c7
commit a640948c3b
5 changed files with 69 additions and 15 deletions
--- a/src/lib/network/networkmanager.cpp
+++ b/src/lib/network/networkmanager.cpp
@ -73,6 +73,7 @@ NetworkManager::NetworkManager(QObject* parent)
    , m_adblockManager(0)
    , m_ignoreAllWarnings(false)
    , m_disableWeakCiphers(true)
+    , m_disableSSLv3(true)
 {
    connect(this, SIGNAL(authenticationRequired(QNetworkReply*,QAuthenticator*)), this, SLOT(authentication(QNetworkReply*,QAuthenticator*)));
    connect(this, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthentication(QNetworkProxy,QAuthenticator*)));
@ -176,6 +177,27 @@ void NetworkManager::disableWeakCiphers(bool disable)
    }
 }

+void NetworkManager::disableSSLv3(bool disable)
+{
+    QSsl::SslProtocol tlsProtocol;
+    QSsl::SslProtocol defaultProtocol;
+
+#if QT_VERSION < QT_VERSION_CHECK(4,8,0)
+    tlsProtocol = QSsl::TlsV1;
+    defaultProtocol = QSsl::SslV3;
+#elif QT_VERSION < QT_VERSION_CHECK(5,0,0)
+    tlsProtocol = QSsl::TlsV1;
+    defaultProtocol = QSsl::TlsV1SslV3;
+#else
+    tlsProtocol = QSsl::TlsV1_0;
+    defaultProtocol = QSsl::TlsV1SslV3;
+#endif
+
+    QSslConfiguration config = QSslConfiguration::defaultConfiguration();
+    config.setProtocol(disable ? tlsProtocol : defaultProtocol);
+    QSslConfiguration::setDefaultConfiguration(config);
+}
+
 static inline uint qHash(const QSslCertificate &cert)
 {
    return qHash(cert.toPem());
@ -680,6 +702,18 @@ void NetworkManager::setDisableWeakCiphers(bool state)
    Settings().setValue("SSL-Configuration/DisableWeakCiphers", m_disableWeakCiphers);
 }

+bool NetworkManager::isDisablingSSLv3() const
+{
+    return m_disableSSLv3;
+}
+
+void NetworkManager::setDisableSSLv3(bool state)
+{
+    m_disableSSLv3 = state;
+    disableSSLv3(m_disableSSLv3);
+    Settings().setValue("SSL-Configuration/DisableSSLv3", m_disableSSLv3);
+}
+
 NetworkProxyFactory* NetworkManager::proxyFactory() const
 {
    return m_proxyFactory;
@ -711,9 +745,7 @@ void NetworkManager::saveSettings()
    settings.setValue("CACertPaths", m_certPaths);
    settings.setValue("IgnoreAllSSLWarnings", m_ignoreAllWarnings);
    settings.setValue("DisableWeakCiphers", m_disableWeakCiphers);
-    settings.endGroup();
-
-    settings.beginGroup("Web-Browser-Settings");
+    settings.setValue("DisableSSLv3", m_disableSSLv3);
    settings.endGroup();
 }

@ -724,9 +756,11 @@ void NetworkManager::loadCertificates()
    m_certPaths = settings.value("CACertPaths", QStringList()).toStringList();
    m_ignoreAllWarnings = settings.value("IgnoreAllSSLWarnings", false).toBool();
    m_disableWeakCiphers = settings.value("DisableWeakCiphers", true).toBool();
+    m_disableSSLv3 = settings.value("DisableSSLv3", true).toBool();
    settings.endGroup();

    disableWeakCiphers(m_disableWeakCiphers);
+    disableSSLv3(m_disableSSLv3);

    // CA Certificates
    m_caCerts = QSslSocket::defaultCaCertificates();
--- a/src/lib/network/networkmanager.h
+++ b/src/lib/network/networkmanager.h
@ -55,6 +55,9 @@ public:
    bool isDisablingWeakCiphers() const;
    void setDisableWeakCiphers(bool state);

+    bool isDisablingSSLv3() const;
+    void setDisableSSLv3(bool state);
+
    NetworkProxyFactory* proxyFactory() const;

    bool registerSchemeHandler(const QString &scheme, SchemeHandler* handler);
@ -72,6 +75,7 @@ private slots:

 private:
    void disableWeakCiphers(bool disable);
+    void disableSSLv3(bool disable);

    AdBlockManager* m_adblockManager;
    NetworkProxyFactory* m_proxyFactory;
@ -86,6 +90,7 @@ private:

    bool m_ignoreAllWarnings;
    bool m_disableWeakCiphers;
+    bool m_disableSSLv3;
    bool m_doNotTrack;
    bool m_sendReferer;
 };
--- a/src/lib/preferences/sslmanager.cpp
+++ b/src/lib/preferences/sslmanager.cpp
@ -52,11 +52,13 @@ SSLManager::SSLManager(QWidget* parent)
    connect(ui->deletePath, SIGNAL(clicked()), this, SLOT(deletePath()));
    connect(ui->ignoreAll, SIGNAL(clicked(bool)), this, SLOT(ignoreAll(bool)));
    connect(ui->disableWeakCiphers, SIGNAL(clicked(bool)), this, SLOT(disableWeakCiphers(bool)));
+    connect(ui->disableSSLv3, SIGNAL(clicked(bool)), this, SLOT(disableSSLv3(bool)));

    connect(ui->buttonBox, SIGNAL(clicked(QAbstractButton*)), this, SLOT(close()));

    // Settings
    ui->disableWeakCiphers->setChecked(mApp->networkManager()->isDisablingWeakCiphers());
+    ui->disableSSLv3->setChecked(mApp->networkManager()->isDisablingSSLv3());
    ui->ignoreAll->setChecked(mApp->networkManager()->isIgnoringAllWarnings());
 }

@ -200,6 +202,11 @@ void SSLManager::disableWeakCiphers(bool state)
    mApp->networkManager()->setDisableWeakCiphers(state);
 }

+void SSLManager::disableSSLv3(bool state)
+{
+    mApp->networkManager()->setDisableSSLv3(state);
+}
+
 void SSLManager::closeEvent(QCloseEvent* e)
 {
    QStringList paths;
--- a/src/lib/preferences/sslmanager.h
+++ b/src/lib/preferences/sslmanager.h
@ -44,6 +44,7 @@ private slots:
    void deleteCertificate();
    void ignoreAll(bool state);
    void disableWeakCiphers(bool state);
+    void disableSSLv3(bool state);

    void addPath();
    void deletePath();
--- a/src/lib/preferences/sslmanager.ui
+++ b/src/lib/preferences/sslmanager.ui
@ -172,7 +172,21 @@
       </item>
       <item row="7" column="0" colspan="2">
        <layout class="QGridLayout" name="gridLayout_4">
-         <item row="2" column="1">
+         <item row="2" column="0" colspan="3">
+          <widget class="QCheckBox" name="ignoreAll">
+           <property name="text">
+            <string>Ignore all SSL Warnings</string>
+           </property>
+          </widget>
+         </item>
+         <item row="1" column="0" colspan="3">
+          <widget class="QCheckBox" name="disableWeakCiphers">
+           <property name="text">
+            <string>Disable weak ciphers</string>
+           </property>
+          </widget>
+         </item>
+         <item row="4" column="1">
          <widget class="QLabel" name="label_4">
           <property name="text">
            <string>&lt;b&gt;NOTE:&lt;/b&gt; Setting this option is a high security risk!</string>
@ -182,7 +196,7 @@
           </property>
          </widget>
         </item>
-         <item row="2" column="0">
+         <item row="4" column="0">
          <spacer name="horizontalSpacer">
           <property name="orientation">
            <enum>Qt::Horizontal</enum>
@ -198,7 +212,7 @@
           </property>
          </spacer>
         </item>
-         <item row="2" column="2">
+         <item row="4" column="2">
          <spacer name="horizontalSpacer_2">
           <property name="orientation">
            <enum>Qt::Horizontal</enum>
@ -211,17 +225,10 @@
           </property>
          </spacer>
         </item>
-         <item row="1" column="0" colspan="3">
-          <widget class="QCheckBox" name="ignoreAll">
-           <property name="text">
-            <string>Ignore all SSL Warnings</string>
-           </property>
-          </widget>
-         </item>
         <item row="0" column="0" colspan="3">
-          <widget class="QCheckBox" name="disableWeakCiphers">
+          <widget class="QCheckBox" name="disableSSLv3">
           <property name="text">
-            <string>Disable weak ciphers</string>
+            <string>Disable SSLv3</string>
           </property>
          </widget>
         </item>