mirror of https://invent.kde.org/network/falkon.git synced 2024-12-20 18:56:34 +01:00

[CertManager] Added option to disable weak ciphers

Closes #1428
Closes #1278
David Rosca 2014-07-13 19:43:18 +02:00
parent 7e7bdf61df
commit c18b656585
5 changed files with 69 additions and 8 deletions


@ -39,13 +39,14 @@
#include "schemehandlers/fileschemehandler.h" #include "schemehandlers/fileschemehandler.h"
#include "schemehandlers/ftpschemehandler.h" #include "schemehandlers/ftpschemehandler.h"
#include <QDir>
#include <QFormLayout> #include <QFormLayout>
#include <QLabel> #include <QLabel>
#include <QLineEdit> #include <QLineEdit>
#include <QCheckBox> #include <QCheckBox>
#include <QDialogButtonBox> #include <QDialogButtonBox>
#include <QNetworkDiskCache> #include <QNetworkDiskCache>
#include <QDir> #include <QSslCipher>
#include <QSslSocket> #include <QSslSocket>
#include <QSslConfiguration> #include <QSslConfiguration>
#include <QDateTime> #include <QDateTime>
@ -71,6 +72,7 @@ NetworkManager::NetworkManager(QObject* parent)
: NetworkManagerProxy(parent) : NetworkManagerProxy(parent)
, m_adblockManager(0) , m_adblockManager(0)
, m_ignoreAllWarnings(false) , m_ignoreAllWarnings(false)
, m_disableWeakCiphers(true)
{ {
connect(this, SIGNAL(authenticationRequired(QNetworkReply*,QAuthenticator*)), this, SLOT(authentication(QNetworkReply*,QAuthenticator*))); connect(this, SIGNAL(authenticationRequired(QNetworkReply*,QAuthenticator*)), this, SLOT(authentication(QNetworkReply*,QAuthenticator*)));
connect(this, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthentication(QNetworkProxy,QAuthenticator*))); connect(this, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)), this, SLOT(proxyAuthentication(QNetworkProxy,QAuthenticator*)));
@ -160,6 +162,26 @@ void NetworkManager::setSSLConfiguration(QNetworkReply* reply)
} }
} }
void NetworkManager::disableWeakCiphers(bool disable)
{
if (disable) {
QStringList blacklist;
blacklist << QSL("SRP-AES-256-CBC-SHA") // open to MitM
<< QSL("SRP-AES-128-CBC-SHA"); // open to MitM
// Disable blacklisted ciphers and ciphers with less than 128b key
QList<QSslCipher> acceptedCiphers;
foreach (const QSslCipher &c, QSslSocket::defaultCiphers()) {
if (!blacklist.contains(c.name()) && c.usedBits() >= 128)
acceptedCiphers.append(c);
}
QSslSocket::setDefaultCiphers(acceptedCiphers);
}
else {
QSslSocket::setDefaultCiphers(QSslSocket::supportedCiphers());
}
}
static inline uint qHash(const QSslCertificate &cert) static inline uint qHash(const QSslCertificate &cert)
{ {
return qHash(cert.toPem()); return qHash(cert.toPem());
@ -650,14 +672,27 @@ void NetworkManager::addLocalCertificate(const QSslCertificate &cert)
} }
} }
bool NetworkManager::isIgnoringAllWarnings() const
{
return m_ignoreAllWarnings;
}
void NetworkManager::setIgnoreAllWarnings(bool state) void NetworkManager::setIgnoreAllWarnings(bool state)
{ {
m_ignoreAllWarnings = state; m_ignoreAllWarnings = state;
Settings().setValue("SSL-Configuration/IgnoreAllSSLWarnings", m_ignoreAllWarnings);
} }
bool NetworkManager::isIgnoringAllWarnings() bool NetworkManager::isDisablingWeakCiphers() const
{ {
return m_ignoreAllWarnings; return m_disableWeakCiphers;
}
void NetworkManager::setDisableWeakCiphers(bool state)
{
m_disableWeakCiphers = state;
disableWeakCiphers(m_disableWeakCiphers);
Settings().setValue("SSL-Configuration/DisableWeakCiphers", m_disableWeakCiphers);
} }
NetworkProxyFactory* NetworkManager::proxyFactory() const NetworkProxyFactory* NetworkManager::proxyFactory() const
@ -690,6 +725,7 @@ void NetworkManager::saveSettings()
settings.beginGroup("SSL-Configuration"); settings.beginGroup("SSL-Configuration");
settings.setValue("CACertPaths", m_certPaths); settings.setValue("CACertPaths", m_certPaths);
settings.setValue("IgnoreAllSSLWarnings", m_ignoreAllWarnings); settings.setValue("IgnoreAllSSLWarnings", m_ignoreAllWarnings);
settings.setValue("DisableWeakCiphers", m_disableWeakCiphers);
settings.endGroup(); settings.endGroup();
settings.beginGroup("Web-Browser-Settings"); settings.beginGroup("Web-Browser-Settings");
@ -703,8 +739,11 @@ void NetworkManager::loadCertificates()
settings.beginGroup("SSL-Configuration"); settings.beginGroup("SSL-Configuration");
m_certPaths = settings.value("CACertPaths", QStringList()).toStringList(); m_certPaths = settings.value("CACertPaths", QStringList()).toStringList();
m_ignoreAllWarnings = settings.value("IgnoreAllSSLWarnings", false).toBool(); m_ignoreAllWarnings = settings.value("IgnoreAllSSLWarnings", false).toBool();
m_disableWeakCiphers = settings.value("DisableWeakCiphers", true).toBool();
settings.endGroup(); settings.endGroup();
disableWeakCiphers(m_disableWeakCiphers);
// CA Certificates // CA Certificates
m_caCerts = QSslSocket::defaultCaCertificates(); m_caCerts = QSslSocket::defaultCaCertificates();
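Review bot: In `NetworkManager::disableWeakCiphers()`, the else branch installs `QSslSocket::supportedCiphers()`, which is not necessarily the list that was in place before the filter ran. On Qt builds where the default list is a subset of the supported one, unticking the option would offer more suites than a stock application does. Saving `QSslSocket::defaultCiphers()` once before the first filter and restoring that copy would avoid this. The filter itself keys only on two names and `usedBits() >= 128`, so a suite with a 128-bit key but a weak algorithm or no authentication still passes. A comment such as `// NOTE: filters by key length only; RC4, anonymous and MD5-MAC suites are not excluded` would make that limit visible.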


@ -49,8 +49,11 @@ public:
void setCertificatePaths(const QStringList &paths) { m_certPaths = paths; } void setCertificatePaths(const QStringList &paths) { m_certPaths = paths; }
QStringList certificatePaths() { return m_certPaths; } QStringList certificatePaths() { return m_certPaths; }
bool isIgnoringAllWarnings() const;
void setIgnoreAllWarnings(bool state); void setIgnoreAllWarnings(bool state);
bool isIgnoringAllWarnings();
bool isDisablingWeakCiphers() const;
void setDisableWeakCiphers(bool state);
NetworkProxyFactory* proxyFactory() const; NetworkProxyFactory* proxyFactory() const;
@ -68,6 +71,8 @@ private slots:
void setSSLConfiguration(QNetworkReply* reply); void setSSLConfiguration(QNetworkReply* reply);
private: private:
void disableWeakCiphers(bool disable);
AdBlockManager* m_adblockManager; AdBlockManager* m_adblockManager;
NetworkProxyFactory* m_proxyFactory; NetworkProxyFactory* m_proxyFactory;
@ -81,6 +86,7 @@ private:
QByteArray m_acceptLanguage; QByteArray m_acceptLanguage;
bool m_ignoreAllWarnings; bool m_ignoreAllWarnings;
bool m_disableWeakCiphers;
bool m_doNotTrack; bool m_doNotTrack;
bool m_sendReferer; bool m_sendReferer;
}; };
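Review bot: The private `disableWeakCiphers(bool disable)` declaration carries no comment, and its name is easy to confuse with the public `setDisableWeakCiphers(bool state)`. Its effect also reaches beyond this object, since the implementation in this commit replaces the QSslSocket default cipher list. I would add `// Applies or lifts the cipher filter on the application-wide QSslSocket default cipher list.` above it, and a one-line comment on `isDisablingWeakCiphers()` saying it reports the stored setting. The class body starts outside these hunks.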


@ -50,9 +50,12 @@ SSLManager::SSLManager(QWidget* parent)
connect(ui->addPath, SIGNAL(clicked()), this, SLOT(addPath())); connect(ui->addPath, SIGNAL(clicked()), this, SLOT(addPath()));
connect(ui->deletePath, SIGNAL(clicked()), this, SLOT(deletePath())); connect(ui->deletePath, SIGNAL(clicked()), this, SLOT(deletePath()));
connect(ui->ignoreAll, SIGNAL(clicked(bool)), this, SLOT(ignoreAll(bool))); connect(ui->ignoreAll, SIGNAL(clicked(bool)), this, SLOT(ignoreAll(bool)));
connect(ui->disableWeakCiphers, SIGNAL(clicked(bool)), this, SLOT(disableWeakCiphers(bool)));
connect(ui->buttonBox, SIGNAL(clicked(QAbstractButton*)), this, SLOT(close())); connect(ui->buttonBox, SIGNAL(clicked(QAbstractButton*)), this, SLOT(close()));
// Settings
ui->disableWeakCiphers->setChecked(mApp->networkManager()->isDisablingWeakCiphers());
ui->ignoreAll->setChecked(mApp->networkManager()->isIgnoringAllWarnings()); ui->ignoreAll->setChecked(mApp->networkManager()->isIgnoringAllWarnings());
} }
@ -191,6 +194,11 @@ void SSLManager::ignoreAll(bool state)
mApp->networkManager()->setIgnoreAllWarnings(state); mApp->networkManager()->setIgnoreAllWarnings(state);
} }
void SSLManager::disableWeakCiphers(bool state)
{
mApp->networkManager()->setDisableWeakCiphers(state);
}
void SSLManager::closeEvent(QCloseEvent* e) void SSLManager::closeEvent(QCloseEvent* e)
{ {
QStringList paths; QStringList paths;


@ -43,6 +43,7 @@ private slots:
void deleteCertificate(); void deleteCertificate();
void ignoreAll(bool state); void ignoreAll(bool state);
void disableWeakCiphers(bool state);
void addPath(); void addPath();
void deletePath(); void deletePath();


@ -172,7 +172,7 @@
</item> </item>
<item row="7" column="0" colspan="2"> <item row="7" column="0" colspan="2">
<layout class="QGridLayout" name="gridLayout_4"> <layout class="QGridLayout" name="gridLayout_4">
<item row="1" column="1"> <item row="2" column="1">
<widget class="QLabel" name="label_4"> <widget class="QLabel" name="label_4">
<property name="text"> <property name="text">
<string>&lt;b&gt;NOTE:&lt;/b&gt; Setting this option is a high security risk!</string> <string>&lt;b&gt;NOTE:&lt;/b&gt; Setting this option is a high security risk!</string>
@ -182,7 +182,7 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="1" column="0"> <item row="2" column="0">
<spacer name="horizontalSpacer"> <spacer name="horizontalSpacer">
<property name="orientation"> <property name="orientation">
<enum>Qt::Horizontal</enum> <enum>Qt::Horizontal</enum>
@ -198,7 +198,7 @@
</property> </property>
</spacer> </spacer>
</item> </item>
<item row="1" column="2"> <item row="2" column="2">
<spacer name="horizontalSpacer_2"> <spacer name="horizontalSpacer_2">
<property name="orientation"> <property name="orientation">
<enum>Qt::Horizontal</enum> <enum>Qt::Horizontal</enum>
@ -211,13 +211,20 @@
</property> </property>
</spacer> </spacer>
</item> </item>
<item row="0" column="0" colspan="3"> <item row="1" column="0" colspan="3">
<widget class="QCheckBox" name="ignoreAll"> <widget class="QCheckBox" name="ignoreAll">
<property name="text"> <property name="text">
<string>Ignore all SSL Warnings</string> <string>Ignore all SSL Warnings</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="0" column="0" colspan="3">
<widget class="QCheckBox" name="disableWeakCiphers">
<property name="text">
<string>Disable weak ciphers</string>
</property>
</widget>
</item>
</layout> </layout>
</item> </item>
<item row="6" column="0" colspan="2"> <item row="6" column="0" colspan="2">
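Review bot: With the new `disableWeakCiphers` checkbox at row 0, the warning in `label_4` ("Setting this option is a high security risk!") now sits below two checkboxes, so "this option" is ambiguous. For "Disable weak ciphers" the risky state is unticked, the opposite of "Ignore all SSL Warnings". Naming the option in the label keeps the warning accurate, for example `<string>&lt;b&gt;NOTE:&lt;/b&gt; Ignoring all SSL warnings is a high security risk!</string>`. The enclosing layout starts outside these hunks.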