Is this the right way to set the SSL protocol with QWebPage?

Question

I've been working with SSL in Qt, where I need to set a specific protocol (instead of the default "secure protocols"). It looks like this works:

QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setProtocol(QSsl::TlsV1_0);
QSslConfiguration::setDefaultConfiguration(config);

But it makes me uncomfortable to set the protocol in a global way like this, instead of setting it on the QWebPage or QWebView or something. Am I missing something obvious or is this really the best way to do this? I know I can set it on an SSL socket, but I'm using QtWebKit, and don't have access to the individual sockets.

Answer 1

The way I've found to do this is to extend QNetworkAccessManager and set the protocol in createRequest:

class NetworkAccessManager : public QNetworkAccessManager
{
    Q_OBJECT
public:
    explicit NetworkAccessManager(QObject *parent = 0);

protected:
    virtual QNetworkReply * createRequest(Operation operation, const QNetworkRequest & request, QIODevice * outgoingData = 0) {
        // I have no idea why request is const, but I need to change it
        QNetworkRequest notConstRequest = request;
        QSslConfiguration conf = notConstRequest.sslConfiguration();
        conf.setProtocol(QSsl::TlsV1_0);
        notConstRequest.setSslConfiguration(conf);
        return QNetworkAccessManager::createRequest(operation, notConstRequest, outgoingData);
    }
};

Then I can set it in my QWebpage using setNetworkAccessManager.

Answer 2

You may find this helpful: Https page works in Windows but not in Linux, he uses the same methodology (near the bottom of the page) as you do for setting the protocol.

I couldn't find a lot of resources, however the Qt docs for Nokia explicitly state that you can set the protocol on a QSslSocket object specifically. Relevant bit:

Note that changing settings in QSslConfiguration is not enough to change the settings in the related SSL connection. You must call setSslConfiguration on a modified QSslConfiguration object to achieve that. The following example illustrates how to change the protocol to TLSv1 in a QSslSocket object:

QSslConfiguration config = sslSocket.sslConfiguration();
config.setProtocol(QSsl::TlsV1);
sslSocket.setSslConfiguration(config);

So yes, the best way is probably to set it on a per-socket-object basis, however if that is not available your method also works. Nokia page: QSslConfiguration