[Qgis-user] WMS via https - "SSL handshake failed"
Jorge Gustavo Rocha
jgr at di.uminho.pt
Thu Jan 5 15:30:36 PST 2017
Hi John,
I've captured QGIS packets to/from the WMS service, after clicking
"Connect" on QGIS (to get the capabilities document).
The print screen is available at [1].
Wireshark reports the protocol as TLSv1.2.
Regards,
Jorge
[1] http://webgis.di.uminho.pt/~jgr/qgis-connect-https-wms-service.png
Às 18:23 de 05-01-2017, John Cartwright escreveu:
> Thanks. I used wireshark to trace the session and it appears that QGIS
> is attempting to make the connection with TLSv1 which I think is at
> least part of the problem.
>
> Can either of you tell me what protocol and cipher suites you’re using?
> what OS you’re running on? Is there anyway to force QGIS to use a
> different protocol?
>
> Thanks!
>
> —john
>
>> On Jan 4, 2017, at 1:59 AM, Pasquale Di Donato
>> <pasquale.didonato at gmail.com <mailto:pasquale.didonato at gmail.com>> wrote:
>>
>> Hi John,
>>
>> I can access your service too. Using QGIS 2.14.8.
>> Maybe you have an issue with a proxy?
>>
>> Pasquale
>>
>> On Wed, Jan 4, 2017 at 12:57 AM, Jorge Gustavo Rocha <jgr at di.uminho.pt
>> <mailto:jgr at di.uminho.pt>> wrote:
>>
>> Hi John,
>>
>> I've added your WMS service and it works without any problem. I've
>> just added the url and the connect works. The capabilities are
>> displayed.
>>
>> You can check the print screen [1] with your https WMS layer.
>>
>> I'm using QGIS 2.18.2 on Ubuntu. Which OS are you using?
>>
>> Regards,
>>
>> Jorge Gustavo
>>
>> [1] http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png
>> <http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png>
>>
>>
>> Às 17:42 de 03-01-2017 <tel:03-01-2017>, John Cartwright escreveu:
>>
>> Thanks for your reply Luigi! To be clear, the WMS service
>> that I’m
>> trying to connect to does not require a username/password but
>> is only
>> available via https. The server (https://maps.ngdc.noaa.gov
>> <https://maps.ngdc.noaa.gov/>) has a
>> valid CA certificate. I tried adding a SSL Server Configuration
>> (preferences -> authentication -> Manage Certificates ->
>> Server) and
>> while the entry appears to be valid, I still get the SSL
>> Handshake error
>> when trying add a WMS layer.
>>
>> Any further ideas? Here’s the actual URL I’m trying to add:
>>
>> https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS
>> <https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS>
>>
>> Thanks again for your help!
>>
>> —john
>>
>>
>> On Jan 2, 2017, at 1:52 AM, Luigi Pirelli
>> <luipir at gmail.com <mailto:luipir at gmail.com>
>> <mailto:luipir at gmail.com <mailto:luipir at gmail.com>>> wrote:
>>
>> Hi John
>>
>> SSL is managed storing credentials using the QGIS
>> Authentication
>> Manager that store credentials in the same way as Firefox,
>> in a master
>> pwd crypted store in your $home/.qgis2/qgis-auth.db.
>> You should managed credentials using
>> Settings->options->authentication.
>>
>> QGIS uses OpenSSL => and specifically can import different
>> king of
>> credential method (using plugins => can be expanded). De
>> default auth
>> method installed are listed in the documentation:
>> https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html
>> <https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html>
>>
>> what is you auth method? can you explain the workflow you
>> followed to
>> store and use your credentials?
>>
>> regards
>> Luigi Pirelli
>>
>> **************************************************************************************************
>> * Boundless QGIS Support/Development: lpirelli AT
>> boundlessgeo DOT com
>> * LinkedIn: https://www.linkedin.com/in/luigipirelli
>> <https://www.linkedin.com/in/luigipirelli>
>> * Stackexchange:
>> http://gis.stackexchange.com/users/19667/luigi-pirelli
>> <http://gis.stackexchange.com/users/19667/luigi-pirelli>
>> * GitHub: https://github.com/luipir
>> * Mastering QGIS 2nd Edition:
>> *
>> https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
>> <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
>> **************************************************************************************************
>>
>>
>> On 29 December 2016 at 22:38, John Cartwright
>> <john.c.cartwright at comcast.net
>> <mailto:john.c.cartwright at comcast.net>> wrote:
>>
>> Hello All,
>>
>> I’m trying to use a WMS service over https and get the
>> following
>> error when trying to connect:
>>
>> Failed to download capabilities:
>> Download of capabilities failed: SSL handshake failed
>>
>> The URL works fine in a browser though. I’m guessing
>> that QGIS and
>> the server are not able to agree on a cipher suite.
>> Can anyone tell
>> me what ciphers QGIS supports or any way to get more
>> insight into the
>> underlying problem?
>>
>> QGIS is version 2.18.2.
>>
>> Thanks!
>>
>> —john
>>
>> _______________________________________________
>> Qgis-user mailing list
>> Qgis-user at lists.osgeo.org
>> <mailto:Qgis-user at lists.osgeo.org>
>> List info:
>> http://lists.osgeo.org/mailman/listinfo/qgis-user
>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>> Unsubscribe:
>> http://lists.osgeo.org/mailman/listinfo/qgis-user
>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>
>>
>>
>>
>> _______________________________________________
>> Qgis-user mailing list
>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>
>>
>> J. Gustavo
>> --
>> Jorge Gustavo Rocha
>> Departamento de Informática
>> Universidade do Minho
>> 4710-057 Braga
>> Tel: +351 253604480 <tel:%2B351%20253604480>
>> Fax: +351 253604471 <tel:%2B351%20253604471>
>> Móvel: +351 910333888 <tel:%2B351%20910333888>
>> skype: nabocudnosor
>>
>>
>> _______________________________________________
>> Qgis-user mailing list
>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>
>>
>> _______________________________________________
>> Qgis-user mailing list
>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>
J. Gustavo
--
Jorge Gustavo Rocha
Departamento de Informática
Universidade do Minho
4710-057 Braga
Tel: +351 253604480
Fax: +351 253604471
Móvel: +351 910333888
skype: nabocudnosor
More information about the Qgis-user
mailing list