UPDATE
Problem persists in some PC's with Windows 7 and 10. Wireshark states that the requests are getting done with Tlsv1.0.
I read that there is a workaround adding registry keys, but though I tried it and none of them work (disabling Tls1.0 and enabling Tls1.1 and 1.2), I don't want my clients to do such a procedure. I want to tell my app to use 1.2 only.
EOU
I wrote an app using Qt, which performs standard get requests to my website in https://www.myprefix.mydomain.com.
Now, the deployed app on Windows works on computers with TLS version 1.2, but the request gets blocked if the computer has TLS 1.0 enabled. To conclude this I wrote a minimal app (hello world, are u there server?) and checked the Wireshark entries in both computers and that appears to be the only difference. According to Wireshark, if TLS1.0 is available, then my app uses TLS1.0 (regardless of the presence of 1.2) and gets blocked.
I know that 1.0 is no longer considered secure, so I want to tell my Qt app to use only TLS1.+.
I would rather not use http (later I'll get sensitive information) and not tell my clients to disable TLS1.0. Can this be hardcoded into the Qt app?
I have tried with this:
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setProtocol(QSsl::TlsV1_2);
QSslConfiguration::setDefaultConfiguration(config);
But the app still uses TLS1.0 when available, and the server blocks the request (rightly so).
The pre-built packages of Qt supports OpenSSL (on Windows and Linux, macOS uses the SecureTransport framework by default) but they don't provide it as there are specific restrictions in some countries regarding software with cryptographic capabilities.
Therefore, if you have your application working and didn't specifically install OpenSSL on your Windows machine, it means that there's a copy of it laying around in your system. You should find it and if possible remove the containing folder from your PATH environment variable.
Next, you should grab a recent version of OpenSSL. Then you can either copy the dlls in your application folder to ensure they get picked modify the PATH environment variable in Qt Creator (the Run part of the Project panel) so your application can find it.
Note that you currently have to use OpenSSL 1.0.X. If you want 1.1 support you can get it starting with Qt 5.10 but you would have to re-build Qt yourself.