Secure Sockets Layer (SSL) Classes
The classes below provide support for secure network communication over the Secure Sockets Layer (SSL) protocol, using the OpenSSL Toolkit to perform encryption and protocol handling.
From Qt version 5.15 onwards, the officially supported version of OpenSSL is 1.1.1 or later.
This class provides encryption for UDP sockets
This class implements server-side DTLS cookie generation and verification
This class defines parameters for DTLS cookie generator
This class represents Online Certificate Status Protocol response
Declares enums common to all SSL classes in Qt Network
Convenient API for an X509 certificate
API for accessing the extensions of an X509 certificate
Represents an SSL cryptographic cipher
Holds the configuration and state of an SSL connection
Interface for Diffie-Hellman parameters for servers
Represents an elliptic curve for use by elliptic-curve cipher algorithms
SSL error
Interface for private and public keys
Authentication data for pre shared keys (PSK) ciphersuites
SSL encrypted socket for both clients and servers
Describes the level of an alert message
Enumerates possible codes that an alert message can have
Describes the current state of DTLS handshake
Enumerates classes that a TLS backend implements
Describes errors that can be found by QDtls and QDtlsClientVerifier
Describes the Online Certificate Status
Describes the reason for revocation
Enumerates possible features that a TLS backend supports
Enabling and Disabling SSL Support
When building Qt from source, the configuration system checks for the presence of the openssl/opensslv.h header provided by source or developer packages of OpenSSL.
By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time. However, it is possible to link against the library at compile-time by configuring Qt with the -openssl-linked option.
When building a version of Qt linked against OpenSSL, Qt's build system will use CMake's FindOpenSSL command to find OpenSSL in several standard locations. You can set the CMake variable OPENSSL_ROOT_DIR to force a specific location.
For example:
configure -openssl-linked -- -D OPENSSL_ROOT_DIR=<openssl_dir>
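A pre-flight check for the header lookup described above, as an added example that is not part of the Qt documentation: it reads the OpenSSL version from an opensslv.h file and rejects anything older than 1.1.1, the minimum this page states for Qt 5.15 onwards. The function names, the reliance on the OPENSSL_VERSION_TEXT define, and the sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Qt code): check the OpenSSL version in an opensslv.h header.
# Assumption: the header defines OPENSSL_VERSION_TEXT as "OpenSSL <version> ...".

# Print the version token, e.g. "1.1.1w" or "3.0.13"; prints nothing if absent.
openssl_header_version() {
    sed -n 's/^#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_TEXT[[:space:]]\{1,\}"OpenSSL \([0-9][^ "]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Return 0 for 1.1.1 or later, 1 for older, 2 if the version cannot be read.
openssl_header_supported() {
    ver=$(openssl_header_version "$1")
    # Keep the numeric part only: "1.1.1w" -> "1 1 1", "1.0.2u-fips" -> "1 0 2".
    num=$(printf '%s\n' "$ver" | sed -n 's/^\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1 \2 \3/p')
    [ -n "$num" ] || return 2
    set -- $num
    [ "$1" -gt 1 ] && return 0
    [ "$1" -lt 1 ] && return 1
    [ "$2" -gt 1 ] && return 0
    [ "$2" -lt 1 ] && return 1
    [ "$3" -ge 1 ]
}

# Constructed sample headers (stand-ins for <openssl_dir>/include/openssl/opensslv.h).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1w  11 Sep 2023"' > "$SAMPLES/v111.h"
printf '%s\n' '# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.13 30 Jan 2024"' > "$SAMPLES/v30.h"
printf '%s\n' '# define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2u-fips  20 Dec 2019"' > "$SAMPLES/v102.h"
printf '%s\n' '/* no version define here */' > "$SAMPLES/empty.h"

for f in "$SAMPLES"/*.h; do
    if openssl_header_supported "$f"; then verdict="supported"; else verdict="rejected (rc=$?)"; fi
    printf '%s: version "%s" -> %s\n' "${f##*/}" "$(openssl_header_version "$f")" "$verdict"
done
```

Pointing the function at the opensslv.h under the directory passed as OPENSSL_ROOT_DIR confirms that a supported OpenSSL is in place before a long -openssl-linked build starts.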
To disable SSL support in a Qt build, configure Qt with the -no-openssl option.
Datagram Transport Layer Security
Datagram Transport Layer Security (DTLS) is a protocol that enables security for datagram-based applications, providing them with protection against eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol. QtNetwork enables the use of DTLS with User Datagram Protocol (UDP), as defined by RFC 6347.
Import and Export Restrictions
Qt binary installers include the OpenSSL libraries used by QtNetwork. However, those are not automatically deployed with applications that are built with Qt. Import and export restrictions apply for some types of software, and for some parts of the world. Developers wishing to use SSL communication in their deployed applications should either ensure that their users have the appropriate libraries installed, or they should consult a suitably qualified legal professional to ensure that applications using code from the OpenSSL project are correctly certified for import and export in relevant regions of the world.