From 31d9018fc488371269f509618ddc8b0b3b804ece Mon Sep 17 00:00:00 2001
From: Florian Bruhin
Date: Wed, 25 Feb 2015 21:07:03 +0100
Subject: [PATCH] Disable insecure SSL ciphers (< 128bit) for Qt 5.2. This is only an issue for the users which are stuck on Ubuntu Trusty.
---
 qutebrowser/app.py | 4 +++-
 qutebrowser/browser/network/networkmanager.py | 13 ++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/qutebrowser/app.py b/qutebrowser/app.py
index 1e50d4a71..3b49882ca 100644
--- a/qutebrowser/app.py
+++ b/qutebrowser/app.py
@@ -41,7 +41,7 @@ import qutebrowser.resources # pylint: disable=unused-import
 from qutebrowser.commands import cmdutils, runners
 from qutebrowser.config import style, config, websettings, configexc
 from qutebrowser.browser import quickmarks, cookies, cache, adblock, history
-from qutebrowser.browser.network import qutescheme, proxy
+from qutebrowser.browser.network import qutescheme, proxy, networkmanager
 from qutebrowser.mainwindow import mainwindow
 from qutebrowser.misc import (crashdialog, readline, ipc, earlyinit,
 savemanager, sessions)
@@ -168,6 +168,8 @@ class Application(QApplication):
 objreg.register('save-manager', save_manager)
 save_manager.add_saveable('window-geometry', self._save_geometry)
 save_manager.add_saveable('version', self._save_version)
+ log.init.debug("Initializing network...")
+ networkmanager.init()
 log.init.debug("Initializing readline-bridge...")
 readline_bridge = readline.ReadlineBridge()
 objreg.register('readline-bridge', readline_bridge)
diff --git a/qutebrowser/browser/network/networkmanager.py b/qutebrowser/browser/network/networkmanager.py
index 509554dbc..e601607e1 100644
--- a/qutebrowser/browser/network/networkmanager.py
+++ b/qutebrowser/browser/network/networkmanager.py
@@ -30,7 +30,7 @@ else: SSL_AVAILABLE = QSslSocket.supportsSsl() from qutebrowser.config import config -from qutebrowser.utils import message, log, usertypes, utils, objreg +from qutebrowser.utils import message, log, usertypes, utils, objreg, qtutils from qutebrowser.browser import cookies from qutebrowser.browser.network import qutescheme, networkreply @@ -38,6 +38,17 @@ from qutebrowser.browser.network import qutescheme, networkreply HOSTBLOCK_ERROR_STRING = '%HOSTBLOCK%' +def init(): + """Disable insecure SSL ciphers on old Qt versions.""" + if SSL_AVAILABLE: + if not qtutils.version_check('5.3.0'): + # Disable weak SSL ciphers. + # See https://codereview.qt-project.org/#/c/75943/ + good_ciphers = [c for c in QSslSocket.supportedCiphers() + if c.usedBits() >= 128] + QSslSocket.setDefaultCiphers(good_ciphers) + + class NetworkManager(QNetworkAccessManager): """Our own QNetworkAccessManager.
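Review bot: The filter in the new `init()` keeps every cipher with `c.usedBits() >= 128`, so it selects on key length alone, while the docstring says insecure ciphers are disabled. A suite that is weak for another reason, for instance RC4 with a 128-bit key if the SSL library behind `QSslSocket.supportedCiphers()` still offers it, would stay in the default list. The comment should state that limit, e.g. `# Filters by key length only; 128-bit suites that are weak for other reasons (e.g. RC4) are not removed.` It would also help to log the outcome before `setDefaultCiphers`, along the lines of `log.init.debug("Keeping {} SSL ciphers".format(len(good_ciphers)))`, so that an unexpectedly short or empty list shows up when TLS handshakes fail on these old Qt versions.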