下麵的類使用 SSL (安全套接字層) 協議為安全網絡通信提供支持,使用本機 TLS (傳輸層安全) 後端 OpenSSL 工具包 ,或任何適當 TLS 插件以履行加密和協議處理。
| 此類為 UDP (用戶數據報協議) 套接字提供加密 | |
| 此類實現服務器側 DTLS Cookie 的生成和驗證 | |
| 此類定義用於 DTLS Cookie 生成器的參數 | |
| 此類錶示在綫證書狀態協議響應 | |
| 聲明 Qt Network 中所有 SSL 類公用的枚舉 | |
| 用於 X509 證書的便捷 API | |
| 用於訪問 X509 證書擴展名的 API | |
| 錶示 SSL 加密密碼 | |
| 保持 SSL 連接的配置和狀態 | |
| 用於服務器的 Diffie-Hellman 參數的接口 | |
| 錶示供橢圓麯綫密碼算法使用的橢圓麯綫 | |
| SSL 錯誤 | |
| 用於私鑰和公鑰的接口 | |
| 用於 PSK (預共享密鑰) 密碼套件的身份驗證數據 | |
| 通過 TLS (傳輸層安全) 實現加密的安全 TCP 服務器 | |
| 用於客戶端和服務器兩者的 SSL 加密套接字 | |
| 描述警報消息的級彆 | |
| 枚舉警報消息可以擁有的可能代碼 | |
| 描述 DTLS 握手的當前狀態 | |
| 枚舉 TLS (傳輸層安全) 後端實現的類 | |
| 描述通過 QDtls 和 QDtlsClientVerifier 發現的錯誤 | |
| 描述在綫證書狀態 | |
| 描述撤銷的原因 | |
| 枚舉 TLS (傳輸層安全) 後端支持的可能特徵 |
對於 Android 應用程序,見 為 Android 添加 OpenSSL 支持 .
Use encryption when transporting data on any network whenever possible. Plaintext , which is unencrypted data that is easily readable, exposes sensitive data such as user information and information about network systems.
使用 QSslSocket::connectToHostEncrypted () to connect using encryption and check for SSL issues using QSslSocket::sslHandshakeErrors ()。使用 QSslSocket::ignoreSslErrors () with caution as it will create security risks in your application.
使用 QSslConfiguration to enforce strong security settings. The supported protocols depend on the SSL backend and the risk level of a protocol could change in the future. You can use a newer and more secure protocol using QSslConfiguration::setProtocol (). For more information, refer to QSsl::SslProtocol for the available protocols.
When building Qt from source, Qt builds plugins for native TLS libraries that are supported for the operating system you are building for. For Windows this means Schannel ,而對於 macOS 這是 Secure Transport .
在所有平颱,配置係統校驗是否存在
openssl/opensslv.h
header provided by source or developer packages of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt.
注意: While Qt can still support the older OpenSSL 1.1.1 version when built from sources, the builds of Qt in the Qt Online Installer require OpenSSL 3 at runtime.
默認情況下,啓用 OpenSSL 的 Qt 庫在運行時會動態加載任何安裝的 OpenSSL 庫。不管怎樣,在編譯時鏈接到庫是可能的通過配置 Qt 采用
-openssl-linked
選項。
When building a version of Qt linked against OpenSSL, Qt's build system will use CMake's
FindOpenSSL
command to find OpenSSL in several standard locations. You can set the CMake variable OPENSSL_ROOT_DIR to force a specific location.
例如:
configure -openssl-linked -- -D OPENSSL_ROOT_DIR=<openssl_dir>
要禁用 SSL 支持在 Qt 構建中,配置 Qt 采用
-no-openssl
選項。
當打包應用程序時,可能運行工具像
windeployqt
。這將要使用的所有庫插件拷貝到
plugins/
folder. However, for TLS you only need one backend, and you may delete the other plugins before packaging your application. For example, if you're on Windows and don't require any of the extra features the OpenSSL backend provides, you can choose to forego shipping the
qopensslbackend
plugin as well as the OpenSSL library, and simply ship the
qschannelbackend
插件。
不管怎樣,隨附多個後端不是問題。Qt 將試圖按次序加載後端 (首先嘗試 OpenSSL),直到成功加載一個後端為止。就不再使用其它後端。
DTLS (安全數據報傳輸層) 是為基於數據報的應用程序,提供防竊聽、防篡改或防消息僞造保護的一種安全協議。DTLS 協議基於麵嚮流的 TLS (傳輸層安全) 協議。 QtNetwork 使能夠使用采用 UDP (用戶數據報協議) 的 DTLS,作為定義通過 RFC 6347 .
Import and export restrictions apply for some types of software, and for some parts of the world. Developers wishing to use SSL communication in their deployed applications should either ensure that their users have the appropriate libraries installed, or they should consult a suitably qualified legal professional to ensure that applications using code from the OpenSSL project are correctly certified for import and export in relevant regions of the world.
參考 Qt 框架和工具的齣口管製 瞭解更多信息。
