diff options
author | Florian Bruhin <git@the-compiler.org> | 2015-02-25 21:07:03 +0100 |
---|---|---|
committer | Florian Bruhin <git@the-compiler.org> | 2015-03-18 23:13:42 +0100 |
commit | 6fe816008fa43747dfa6596c8cae363ebe6db104 (patch) | |
tree | 7a87a17e405784d7fc822c47812988f940b198c5 | |
parent | 0d1f4c08f64ddda9c839ae173d3627ec95022299 (diff) | |
download | qutebrowser-6fe816008fa43747dfa6596c8cae363ebe6db104.tar.gz qutebrowser-6fe816008fa43747dfa6596c8cae363ebe6db104.zip |
Disable insecure SSL ciphers (< 128bit) for Qt 5.2.
This is only an issue for the users which are stuck on Ubuntu Trusty.
-rw-r--r-- | qutebrowser/app.py | 4 | ||||
-rw-r--r-- | qutebrowser/browser/network/networkmanager.py | 13 |
2 files changed, 15 insertions, 2 deletions
diff --git a/qutebrowser/app.py b/qutebrowser/app.py index 3b5032b5e..aa64b5639 100644 --- a/qutebrowser/app.py +++ b/qutebrowser/app.py @@ -41,7 +41,7 @@ import qutebrowser.resources # pylint: disable=unused-import from qutebrowser.commands import cmdutils, runners from qutebrowser.config import style, config, websettings from qutebrowser.browser import quickmarks, cookies, cache, adblock -from qutebrowser.browser.network import qutescheme, proxy +from qutebrowser.browser.network import qutescheme, proxy, networkmanager from qutebrowser.mainwindow import mainwindow from qutebrowser.misc import crashdialog, readline, ipc, earlyinit from qutebrowser.misc import utilcmds # pylint: disable=unused-import @@ -162,6 +162,8 @@ class Application(QApplication): def _init_modules(self): """Initialize all 'modules' which need to be initialized.""" + log.init.debug("Initializing network...") + networkmanager.init() log.init.debug("Initializing readline-bridge...") readline_bridge = readline.ReadlineBridge() objreg.register('readline-bridge', readline_bridge) diff --git a/qutebrowser/browser/network/networkmanager.py b/qutebrowser/browser/network/networkmanager.py index f80dc6b8b..fb1efd1d1 100644 --- a/qutebrowser/browser/network/networkmanager.py +++ b/qutebrowser/browser/network/networkmanager.py @@ -30,7 +30,7 @@ else: SSL_AVAILABLE = QSslSocket.supportsSsl() from qutebrowser.config import config -from qutebrowser.utils import message, log, usertypes, utils, objreg +from qutebrowser.utils import message, log, usertypes, utils, objreg, qtutils from qutebrowser.browser import cookies from qutebrowser.browser.network import qutescheme, networkreply @@ -38,6 +38,17 @@ from qutebrowser.browser.network import qutescheme, networkreply HOSTBLOCK_ERROR_STRING = '%HOSTBLOCK%' +def init(): + """Disable insecure SSL ciphers on old Qt versions.""" + if SSL_AVAILABLE: + if not qtutils.version_check('5.3.0'): + # Disable weak SSL ciphers. + # See https://codereview.qt-project.org/#/c/75943/ + good_ciphers = [c for c in QSslSocket.supportedCiphers() + if c.usedBits() >= 128] + QSslSocket.setDefaultCiphers(good_ciphers) + + class NetworkManager(QNetworkAccessManager): """Our own QNetworkAccessManager. |