rnhmjoj/qutebrowser
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable insecure SSL ciphers (< 128bit) for Qt 5.2.

Browse Source 
This is only an issue for the users which are stuck on Ubuntu Trusty.
This commit is contained in:
Florian Bruhin 2015-02-25 21:07:03 +01:00
parent 0fcd016427
commit 31d9018fc4
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
qutebrowser/app.py
View File

@ -41,7 +41,7 @@ import qutebrowser.resources # pylint: disable=unused-import
from qutebrowser.commands import cmdutils, runners
from qutebrowser.config import style, config, websettings, configexc
from qutebrowser.browser import quickmarks, cookies, cache, adblock, history
from qutebrowser.browser.network import qutescheme, proxy
from qutebrowser.browser.network import qutescheme, proxy, networkmanager
from qutebrowser.mainwindow import mainwindow
from qutebrowser.misc import (crashdialog, readline, ipc, earlyinit,
savemanager, sessions)
@ -168,6 +168,8 @@ class Application(QApplication):
objreg.register('save-manager', save_manager)
save_manager.add_saveable('window-geometry', self._save_geometry)
save_manager.add_saveable('version', self._save_version)
log.init.debug("Initializing network...")
networkmanager.init()
log.init.debug("Initializing readline-bridge...")
readline_bridge = readline.ReadlineBridge()
objreg.register('readline-bridge', readline_bridge)

13
qutebrowser/browser/network/networkmanager.py
View File

@ -30,7 +30,7 @@ else:
SSL_AVAILABLE = QSslSocket.supportsSsl()
from qutebrowser.config import config
from qutebrowser.utils import message, log, usertypes, utils, objreg
from qutebrowser.utils import message, log, usertypes, utils, objreg, qtutils
from qutebrowser.browser import cookies
from qutebrowser.browser.network import qutescheme, networkreply
@ -38,6 +38,17 @@ from qutebrowser.browser.network import qutescheme, networkreply
HOSTBLOCK_ERROR_STRING = '%HOSTBLOCK%'
def init():
"""Disable insecure SSL ciphers on old Qt versions."""
if SSL_AVAILABLE:
if not qtutils.version_check('5.3.0'):
# Disable weak SSL ciphers.
# See https://codereview.qt-project.org/#/c/75943/
good_ciphers = [c for c in QSslSocket.supportedCiphers()
if c.usedBits() >= 128]
QSslSocket.setDefaultCiphers(good_ciphers)
class NetworkManager(QNetworkAccessManager):
"""Our own QNetworkAccessManager.