1// Copyright (C) 2016 The Qt Company Ltd.
2// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only
6 \title Secure Sockets Layer (SSL) Classes
7 \brief Classes for secure communication over network sockets.
11 The classes below provide support for secure network communication using
12 the Secure Sockets Layer (SSL) protocol, using a native TLS backend,
13 the \l{OpenSSL Toolkit}, or any appropriate TLS plugin to perform encryption
14 and protocol handling.
16 From Qt version 5.15 onward, the officially supported version for OpenSSL
19 Qt version 5.15.1 onward is also compatible with OpenSSL 3.
23 For Android applications see \l{Adding OpenSSL Support for Android}.
25 \section1 Enabling and Disabling SSL Support when Building Qt from Source
27 When building Qt from source, Qt builds plugins for native TLS libraries
28 that are supported for the operating system you are building for. For
30 \l{https://docs.microsoft.com/en-us/windows/win32/com/schannel}{Schannel},
31 while for macOS this is
32 \l{https://developer.apple.com/documentation/security/secure_transport}{Secure Transport}.
34 On all platforms, the configuration system checks for the presence of the
35 \c{openssl/opensslv.h} header provided by source or developer packages
36 of OpenSSL. If found, it will enable and build the OpenSSL backend for Qt.
38 By default, an OpenSSL-enabled Qt library dynamically loads any installed
39 OpenSSL library at run-time. However, it is possible to link against the
40 library at compile-time by configuring Qt with the \c{-openssl-linked}
43 When building a version of Qt linked against OpenSSL, Qt's build system will
44 use CMake's \c{FindOpenSSL} command to find OpenSSL in several standard
45 locations. You can set the CMake variable OPENSSL_ROOT_DIR to force a
50 configure -openssl-linked -- -D OPENSSL_ROOT_DIR=<openssl_dir>
53 To disable SSL support in a Qt build, configure Qt with the \c{-no-openssl}
56 \section1 Considerations While Packaging Your Application
58 When you package your application, you may run a tool like \l{windeployqt}. This
59 copies all the plugins for the libraries you use to the \c{plugins/} folder.
60 However, for TLS you only need one backend, and you may delete the other
61 plugins before packaging your application. For example, if you're on Windows
62 and don't require any of the extra features the OpenSSL backend provides,
63 you can choose to forego shipping the \c{qopensslbackend} plugin as well as
64 the OpenSSL library, and simply ship the \c{qschannelbackend} plugin.
66 However, shipping multiple backends is not a problem. Qt will
67 attempt to load the backends in order (with OpenSSL attempted first) until
68 one is successfully loaded. The other backends are then unused.
70 \section1 Datagram Transport Layer Security
72 Datagram Transport Layer Security (DTLS) is a protocol that enables security
73 for datagram-based applications, providing them with protection against
74 eavesdropping, tampering, or message forgery. The DTLS protocol is based on the
75 stream-oriented Transport Layer Security (TLS) protocol. QtNetwork enables
76 the use of DTLS with User Datagram Protocol (UDP), as defined by
79 \section1 Import and Export Restrictions
81 Qt binary installers include the OpenSSL libraries used by QtNetwork. However,
82 those are not automatically deployed with applications that are built with Qt.
83 Import and export restrictions apply for some types of software, and for
84 some parts of the world. Developers wishing to use SSL communication in their
85 deployed applications should either ensure that their users have the appropriate
86 libraries installed, or they should consult a suitably qualified legal
87 professional to ensure that applications using code from the OpenSSL project
88 are correctly certified for import and export in relevant regions of the world.
1.10.0