mirror of
https://invent.kde.org/network/falkon.git
synced 2024-12-20 02:36:34 +01:00
[CertManager] Added option to disable weak ciphers
Closes #1428 Closes #1278
parent
7e7bdf61df
commit
c18b656585
@ -39,13 +39,14 @@
|
||||
#include "schemehandlers/fileschemehandler.h"
|
||||
#include "schemehandlers/ftpschemehandler.h"
|
||||
|
||||
#include <QDir>
|
||||
#include <QFormLayout>
|
||||
#include <QLabel>
|
||||
#include <QLineEdit>
|
||||
#include <QCheckBox>
|
||||
#include <QDialogButtonBox>
|
||||
#include <QNetworkDiskCache>
|
||||
#include <QDir>
|
||||
#include <QSslCipher>
|
||||
#include <QSslSocket>
|
||||
#include <QSslConfiguration>
|
||||
#include <QDateTime>
|
||||
@ -71,6 +72,7 @@ NetworkManager::NetworkManager(QObject* parent)
|
||||
: NetworkManagerProxy(parent)
|
||||
, m_adblockManager(0)
|
||||
, m_ignoreAllWarnings(false)
|
||||
, m_disableWeakCiphers(true)
|
||||
{
|
||||
connect(this, SIGNAL(authenticationRequired(QNetworkReply*,QAuthenticator*)), this, SLOT(authentication(QNetworkReply*,QAuthenticator*)));
|
||||
connect(this, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthentication(QNetworkProxy,QAuthenticator*)));
|
||||
@ -160,6 +162,26 @@ void NetworkManager::setSSLConfiguration(QNetworkReply* reply)
|
||||
}
|
||||
}
|
||||
|
||||
void NetworkManager::disableWeakCiphers(bool disable)
|
||||
{
|
||||
if (disable) {
|
||||
QStringList blacklist;
|
||||
blacklist << QSL("SRP-AES-256-CBC-SHA") // open to MitM
|
||||
<< QSL("SRP-AES-128-CBC-SHA"); // open to MitM
|
||||
|
||||
// Disable blacklisted ciphers and ciphers with less than 128b key
|
||||
QList<QSslCipher> acceptedCiphers;
|
||||
foreach (const QSslCipher &c, QSslSocket::defaultCiphers()) {
|
||||
if (!blacklist.contains(c.name()) && c.usedBits() >= 128)
|
||||
acceptedCiphers.append(c);
|
||||
}
|
||||
QSslSocket::setDefaultCiphers(acceptedCiphers);
|
||||
}
|
||||
else {
|
||||
QSslSocket::setDefaultCiphers(QSslSocket::supportedCiphers());
|
||||
}
|
||||
}
|
||||
|
||||
static inline uint qHash(const QSslCertificate &cert)
|
||||
{
|
||||
return qHash(cert.toPem());
|
||||
@ -650,14 +672,27 @@ void NetworkManager::addLocalCertificate(const QSslCertificate &cert)
|
||||
}
|
||||
}
|
||||
|
||||
bool NetworkManager::isIgnoringAllWarnings() const
|
||||
{
|
||||
return m_ignoreAllWarnings;
|
||||
}
|
||||
|
||||
void NetworkManager::setIgnoreAllWarnings(bool state)
|
||||
{
|
||||
m_ignoreAllWarnings = state;
|
||||
Settings().setValue("SSL-Configuration/IgnoreAllSSLWarnings", m_ignoreAllWarnings);
|
||||
}
|
||||
|
||||
bool NetworkManager::isIgnoringAllWarnings()
|
||||
bool NetworkManager::isDisablingWeakCiphers() const
|
||||
{
|
||||
return m_ignoreAllWarnings;
|
||||
return m_disableWeakCiphers;
|
||||
}
|
||||
|
||||
void NetworkManager::setDisableWeakCiphers(bool state)
|
||||
{
|
||||
m_disableWeakCiphers = state;
|
||||
disableWeakCiphers(m_disableWeakCiphers);
|
||||
Settings().setValue("SSL-Configuration/DisableWeakCiphers", m_disableWeakCiphers);
|
||||
}
|
||||
|
||||
NetworkProxyFactory* NetworkManager::proxyFactory() const
|
||||
@ -690,6 +725,7 @@ void NetworkManager::saveSettings()
|
||||
settings.beginGroup("SSL-Configuration");
|
||||
settings.setValue("CACertPaths", m_certPaths);
|
||||
settings.setValue("IgnoreAllSSLWarnings", m_ignoreAllWarnings);
|
||||
settings.setValue("DisableWeakCiphers", m_disableWeakCiphers);
|
||||
settings.endGroup();
|
||||
|
||||
settings.beginGroup("Web-Browser-Settings");
|
||||
@ -703,8 +739,11 @@ void NetworkManager::loadCertificates()
|
||||
settings.beginGroup("SSL-Configuration");
|
||||
m_certPaths = settings.value("CACertPaths", QStringList()).toStringList();
|
||||
m_ignoreAllWarnings = settings.value("IgnoreAllSSLWarnings", false).toBool();
|
||||
m_disableWeakCiphers = settings.value("DisableWeakCiphers", true).toBool();
|
||||
settings.endGroup();
|
||||
|
||||
disableWeakCiphers(m_disableWeakCiphers);
|
||||
|
||||
// CA Certificates
|
||||
m_caCerts = QSslSocket::defaultCaCertificates();
|
||||
|
||||
|
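Review bot: The `else` branch of `NetworkManager::disableWeakCiphers` installs `QSslSocket::supportedCiphers()` instead of restoring the list that was the default before filtering. Depending on the Qt version and TLS backend, the supported list can be broader than Qt's stock defaults, so unchecking the option may enable more than a user who only wanted the old behaviour expects. Saving the result of `QSslSocket::defaultCiphers()` once, before the first filter is applied, and restoring that copy would keep "off" equal to the stock configuration. The filter is also narrow: `c.usedBits() >= 128` plus two SRP names still admits 128-bit RC4 and any anonymous-authentication suites the backend lists, so testing `c.encryptionMethod()` and `c.authenticationMethod()` as well would bring it closer to the "Disable weak ciphers" label.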
@ -49,8 +49,11 @@ public:
|
||||
void setCertificatePaths(const QStringList &paths) { m_certPaths = paths; }
|
||||
QStringList certificatePaths() { return m_certPaths; }
|
||||
|
||||
bool isIgnoringAllWarnings() const;
|
||||
void setIgnoreAllWarnings(bool state);
|
||||
bool isIgnoringAllWarnings();
|
||||
|
||||
bool isDisablingWeakCiphers() const;
|
||||
void setDisableWeakCiphers(bool state);
|
||||
|
||||
NetworkProxyFactory* proxyFactory() const;
|
||||
|
||||
@ -68,6 +71,8 @@ private slots:
|
||||
void setSSLConfiguration(QNetworkReply* reply);
|
||||
|
||||
private:
|
||||
void disableWeakCiphers(bool disable);
|
||||
|
||||
AdBlockManager* m_adblockManager;
|
||||
NetworkProxyFactory* m_proxyFactory;
|
||||
|
||||
@ -81,6 +86,7 @@ private:
|
||||
QByteArray m_acceptLanguage;
|
||||
|
||||
bool m_ignoreAllWarnings;
|
||||
bool m_disableWeakCiphers;
|
||||
bool m_doNotTrack;
|
||||
bool m_sendReferer;
|
||||
};
|
||||
|
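Review bot: `setDisableWeakCiphers(bool)` and the private `disableWeakCiphers(bool)` are declared without a comment, although the implementation rewrites `QSslSocket`'s default cipher list, which is shared by the whole process and is not state owned by this `NetworkManager`. A short comment on the setter would stop callers from assuming a per-instance effect, for example `// Rewrites QSslSocket's process-wide default ciphers and stores SSL-Configuration/DisableWeakCiphers`. It would also help to state that the member defaults to `true`, since the constructor and `loadCertificates()` both rely on that default.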
@ -50,9 +50,12 @@ SSLManager::SSLManager(QWidget* parent)
|
||||
connect(ui->addPath, SIGNAL(clicked()), this, SLOT(addPath()));
|
||||
connect(ui->deletePath, SIGNAL(clicked()), this, SLOT(deletePath()));
|
||||
connect(ui->ignoreAll, SIGNAL(clicked(bool)), this, SLOT(ignoreAll(bool)));
|
||||
connect(ui->disableWeakCiphers, SIGNAL(clicked(bool)), this, SLOT(disableWeakCiphers(bool)));
|
||||
|
||||
connect(ui->buttonBox, SIGNAL(clicked(QAbstractButton*)), this, SLOT(close()));
|
||||
|
||||
// Settings
|
||||
ui->disableWeakCiphers->setChecked(mApp->networkManager()->isDisablingWeakCiphers());
|
||||
ui->ignoreAll->setChecked(mApp->networkManager()->isIgnoringAllWarnings());
|
||||
}
|
||||
|
||||
@ -191,6 +194,11 @@ void SSLManager::ignoreAll(bool state)
|
||||
mApp->networkManager()->setIgnoreAllWarnings(state);
|
||||
}
|
||||
|
||||
void SSLManager::disableWeakCiphers(bool state)
|
||||
{
|
||||
mApp->networkManager()->setDisableWeakCiphers(state);
|
||||
}
|
||||
|
||||
void SSLManager::closeEvent(QCloseEvent* e)
|
||||
{
|
||||
QStringList paths;
|
||||
|
@ -43,6 +43,7 @@ private slots:
|
||||
|
||||
void deleteCertificate();
|
||||
void ignoreAll(bool state);
|
||||
void disableWeakCiphers(bool state);
|
||||
|
||||
void addPath();
|
||||
void deletePath();
|
||||
|
@ -172,7 +172,7 @@
|
||||
</item>
|
||||
<item row="7" column="0" colspan="2">
|
||||
<layout class="QGridLayout" name="gridLayout_4">
|
||||
<item row="1" column="1">
|
||||
<item row="2" column="1">
|
||||
<widget class="QLabel" name="label_4">
|
||||
<property name="text">
|
||||
<string><b>NOTE:</b> Setting this option is a high security risk!</string>
|
||||
@ -182,7 +182,7 @@
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="1" column="0">
|
||||
<item row="2" column="0">
|
||||
<spacer name="horizontalSpacer">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
@ -198,7 +198,7 @@
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="1" column="2">
|
||||
<item row="2" column="2">
|
||||
<spacer name="horizontalSpacer_2">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
@ -211,13 +211,20 @@
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item row="0" column="0" colspan="3">
|
||||
<item row="1" column="0" colspan="3">
|
||||
<widget class="QCheckBox" name="ignoreAll">
|
||||
<property name="text">
|
||||
<string>Ignore all SSL Warnings</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item row="0" column="0" colspan="3">
|
||||
<widget class="QCheckBox" name="disableWeakCiphers">
|
||||
<property name="text">
|
||||
<string>Disable weak ciphers</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
<item row="6" column="0" colspan="2">
|
||||
|
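Review bot: The warning in `label_4` ("Setting this option is a high security risk!") does not name the option it refers to, and after this change it sits below two checkboxes with opposite safety meanings. Checking `ignoreAll` lowers security while checking `disableWeakCiphers` raises it, so a reader may apply the warning to the new checkbox and untick it. Rewording the label to name the option, for example "Ignoring all SSL warnings is a high security risk!", would remove the ambiguity. A tooltip on `disableWeakCiphers` saying what is filtered would be a useful addition.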