qt5-network openssl3 armhf does not support tls1.3
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
qtbase-opensource-src (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Qt 5 Network library does not use TLS 1.3 on armhf, and falls back to less secure protocols.
[Test Plan]
1. Create test.cpp with the following contents:
#include <QtCore/
#include <QtCore/QDebug>
#include <QtNetwork/
#include <QtNetwork/
int main(int argc, char **argv) {
QCoreApplic
QSslSocket s;
QSslConfigu
cfg.
s.setSslCon
s.connectTo
s.waitForCo
qDebug() << s.sessionProtoc
return 0;
}
2. Create test.pro with the following contents:
CONFIG += debug warn_all
QT = core network
SOURCES = test.cpp
3. Install qtbase5-dev package.
4. Compile using `qmake && make`.
5. Run the generated ./test executable. It should print 15, not -1.
[Where problems could occur]
It is unlikely to cause issues on 64-bit platforms because long and uint64_t are both 64 bits long. On armhf potential problems may be related to availability of other protocols.
[Original Description]
lsb_release
Description: Ubuntu 22.04 LTS
Release: 22.04
libqt5network5/
libssl3/
the qt5 armhf version shipped with ubuntu jammy has a regression in tls1.3 support (simply missing in runtime).
openssl supports tls1.3, so the underlying library works.
x86_64 is obviously not affected
the short sample applications writes -1 on armhf, 15 on x86_64 (unknown protocol vs tls1.3)
QSslSocket* s = new QSslSocket();
marking it as security since the most secure tls protocol is not used on some platforms
description: | updated |
information type: | Private Security → Public Security |
i think I have a trace where the issue is: openssl. cpp the method is defined as ndPrivate: :setupOpenSslOp tions(QSsl: :SslProtocol protocol, QSsl::SslOptions sslOptions)
openssl3 openssl's options is a uint64_t, but in qsslsocket_
long QSslSocketBacke
long on 64bit platforms is 64 bit long, but on armhf (32bit) it is 32bit.
see /www.openssl. org/docs/ man3.0/ man3/SSL_ CTX_set_ options. html /www.openssl. org/docs/ man1.1. 1/man3/ SSL_CTX_ set_options. html
https:/
vs
https:/
is this already fixed in qt6? the qt5.15 openssl3 is a ubuntu backport, right?