On 16/06/2019 13:41, Konrad Rosenbaum wrote:
Bob, you already have really good answers from Elvis and Thiago - please
ignore this thread! In short: use QSslSocket/QSslServer, set the
protocol version to 1.2 or newer, deliver the server cert (not key) with
your client software, authentication depends on your use case. Ask
specific non-Qt questions on https://security.stackexchange.com/.

Some other advice:

* Ignore Roland's email;


* Network security isn't an after-thought, to bolt on somehow at the end of the development. It has implications in your architecture and processes (and ultimately code, to handle it properly).


* Network security on non-localhost connections is a mandatory feature and not a "nice to have" (we're still in 2019). Qt makes it easy for application developers via QSslSocket/QSslServer (for TCP), QDtls (for UDP), QNetworkAccessManager (for HTTPS).

Depending on which side(s) you're developing, you need knowledge about the challenges involved.


* For some of the Qt-specific insights, see Richard Moore's talk from QtDD:

https://www.youtube.com/watch?v=btLCVoEuEr8&list=PLizsthdRd0YzYe5T3Txgg7TUGVi-ijq4d&index=43

(It's a bit old, but the main points are still valid. The most important one being do not *ever* call ignoreSslErrors() unless you know what you're doing)


* For the non-Qt specific insights, refer to online forums or a few good books (which however get old very quickly and need to be complemented by up-to-date information). I don't know about any single book around PKI operations, though, which are probably one of the most critical parts (rather than delving into OpenSSL programming, which Qt will hide from you). Maybe a question for the forums.


HTH,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts


_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
