From f84d5d46d3ae056f87fa6127e8fa430c9a4612e8 Mon Sep 17 00:00:00 2001 From: Amir Abrams Date: Tue, 18 Jun 2019 06:34:36 -0500 Subject: [PATCH] QT: Revert "Force TLS1.0+ for SSL connections" (#2985) See: https://github.com/bitcoin/bitcoin/commit/0242b5afa4ebb381d3a59a7246348a50d3a7fdbe This reverts commit 15e26a6, whose purpose was to tweak the Qt configuration to force TLS, i.e., to disable SSLv3, in Qt versions >= 5.5. However, the default behavior of Qt >= 5.4 is to disable SSLv3 anyway [1], so the configuration tweak is redundant. With Qt 5.11.2, the configuration tweak is not only redundant but in fact provokes a deadlock (#14359) due to Qt 5.11.2 being incompatible with OpenSSL 1.1.1 [2]. Since the deadlock occurs at the early startup stage of bitcoin-qt, it renders bitcoin-qt entirely non-functional when compiled against OpenSSL 1.1.1 and Qt 5.11.2 (and possible future combinations of OpenSSL and Qt versions). This commit fixes #14359 by removing the redundant code. [1] https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3fd2d9eff8c1f948306ee5fbfe364ccded1c4b84 [2] https://bugreports.qt.io/browse/QTBUG-70956 --- src/qt/dash.cpp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/qt/dash.cpp b/src/qt/dash.cpp index 1f351bc83..4cd47236c 100644 --- a/src/qt/dash.cpp +++ b/src/qt/dash.cpp @@ -54,7 +54,6 @@ #include #include #include -#include #if defined(QT_STATICPLUGIN) #include @@ -601,13 +600,6 @@ int main(int argc, char *argv[]) #ifdef Q_OS_MAC QApplication::setAttribute(Qt::AA_DontShowIconsInMenus); #endif -#if QT_VERSION >= 0x050500 - // Because of the POODLE attack it is recommended to disable SSLv3 (https://disablessl3.com/), - // so set SSL protocols to TLS1.0+. - QSslConfiguration sslconf = QSslConfiguration::defaultConfiguration(); - sslconf.setProtocol(QSsl::TlsV1_0OrLater); - QSslConfiguration::setDefaultConfiguration(sslconf); -#endif // Register meta types used for QMetaObject::invokeMethod qRegisterMetaType< bool* >();