media-sound/mumble/files/tls12_strong_ciphers.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

diff --git a/src/Connection.cpp b/src/Connection.cpp
index 5dc7443e..c7fc968f 100644
--- a/src/Connection.cpp
+++ b/src/Connection.cpp
@@ -25,6 +25,9 @@ HANDLE Connection::hQoS = NULL;
 Connection::Connection(QObject *p, QSslSocket *qtsSock) : QObject(p) {
 	qtsSocket = qtsSock;
 	qtsSocket->setParent(this);
+#if QT_VERSION >= 0x050500
+	qtsSocket->setProtocol(QSsl::TlsV1_2OrLater);
+#endif
 	iPacketLength = -1;
 	bDisconnectedEmitted = false;
 
diff --git a/src/SSL.cpp b/src/SSL.cpp
index 7f7e8121..16cddd28 100644
--- a/src/SSL.cpp
+++ b/src/SSL.cpp
@@ -40,7 +40,7 @@ void MumbleSSL::destroy() {
 }
 
 QString MumbleSSL::defaultOpenSSLCipherString() {
-	return QLatin1String("EECDH+AESGCM:EDH+aRSA+AESGCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA");
+	return QLatin1String("DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384");
 }
 
 QList<QSslCipher> MumbleSSL::ciphersFromOpenSSLCipherString(QString cipherString) {