media-sound/mumble/files/tls12_strong_ciphers.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

diff --git a/src/Connection.cpp b/src/Connection.cpp
index 5dc7443e..2287f174 100644
--- a/src/Connection.cpp
+++ b/src/Connection.cpp
@@ -27,7 +27,9 @@ Connection::Connection(QObject *p, QSslSocket *qtsSock) : QObject(p) {
 	qtsSocket->setParent(this);
 	iPacketLength = -1;
 	bDisconnectedEmitted = false;
-
+#if QT_VERSION >= 0x050500
+	qtsSocket->setProtocol(QSsl::TlsV1_2OrLater);
+#endif
 	static bool bDeclared = false;
 	if (! bDeclared) {
 		bDeclared = true;
diff --git a/src/SSL.cpp b/src/SSL.cpp
index 7f7e8121..16cddd28 100644
--- a/src/SSL.cpp
+++ b/src/SSL.cpp
@@ -40,7 +40,7 @@ void MumbleSSL::destroy() {
 }
 
 QString MumbleSSL::defaultOpenSSLCipherString() {
-	return QLatin1String("EECDH+AESGCM:EDH+aRSA+AESGCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA");
+	return QLatin1String("DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384");
 }
 
 QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) {
diff --git a/src/mumble/ServerHandler.cpp b/src/mumble/ServerHandler.cpp
index 7e30e76a..60c39121 100644
--- a/src/mumble/ServerHandler.cpp
+++ b/src/mumble/ServerHandler.cpp
@@ -335,7 +335,7 @@ void ServerHandler::run() {
 
 
 	#if QT_VERSION >= 0x050500
-		qtsSock->setProtocol(QSsl::TlsV1_0OrLater);
+		qtsSock->setProtocol(QSsl::TlsV1_2OrLater);
 	#elif QT_VERSION >= 0x050400
 		// In Qt 5.4, QSsl::SecureProtocols is equivalent
 		// to "TLSv1.0 or later", which we require.