[Qgis-user] WMS via https - "SSL handshake failed"
John Cartwright
john.c.cartwright at comcast.net
Thu Jan 5 16:04:42 PST 2017
Thanks Jorge, that helps confirm my suspicion. Are you running on linux? Based on this ticket (https://hub.qgis.org/issues/11473 <https://hub.qgis.org/issues/11473>), it sounds like the supported protocols may be dependent on the version of Qt that QGIS is using. Do you happen to know which version you’re using?
—john
> On Jan 5, 2017, at 4:30 PM, Jorge Gustavo Rocha <jgr at di.uminho.pt> wrote:
>
> Hi John,
>
> I've captured QGIS packets to/from the WMS service, after clicking "Connect" on QGIS (to get the capabilities document).
>
> The print screen is available at [1].
>
> Wireshark reports the protocol as TLSv1.2.
>
> Regards,
>
> Jorge
>
> [1] http://webgis.di.uminho.pt/~jgr/qgis-connect-https-wms-service.png
>
>
> Às 18:23 de 05-01-2017, John Cartwright escreveu:
>> Thanks. I used wireshark to trace the session and it appears that QGIS
>> is attempting to make the connection with TLSv1 which I think is at
>> least part of the problem.
>>
>> Can either of you tell me what protocol and cipher suites you’re using?
>> what OS you’re running on? Is there anyway to force QGIS to use a
>> different protocol?
>>
>> Thanks!
>>
>> —john
>>
>>> On Jan 4, 2017, at 1:59 AM, Pasquale Di Donato
>>> <pasquale.didonato at gmail.com <mailto:pasquale.didonato at gmail.com>> wrote:
>>>
>>> Hi John,
>>>
>>> I can access your service too. Using QGIS 2.14.8.
>>> Maybe you have an issue with a proxy?
>>>
>>> Pasquale
>>>
>>> On Wed, Jan 4, 2017 at 12:57 AM, Jorge Gustavo Rocha <jgr at di.uminho.pt
>>> <mailto:jgr at di.uminho.pt>> wrote:
>>>
>>> Hi John,
>>>
>>> I've added your WMS service and it works without any problem. I've
>>> just added the url and the connect works. The capabilities are
>>> displayed.
>>>
>>> You can check the print screen [1] with your https WMS layer.
>>>
>>> I'm using QGIS 2.18.2 on Ubuntu. Which OS are you using?
>>>
>>> Regards,
>>>
>>> Jorge Gustavo
>>>
>>> [1] http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png
>>> <http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png>
>>>
>>>
>>> Às 17:42 de 03-01-2017 <tel:03-01-2017>, John Cartwright escreveu:
>>>
>>> Thanks for your reply Luigi! To be clear, the WMS service
>>> that I’m
>>> trying to connect to does not require a username/password but
>>> is only
>>> available via https. The server (https://maps.ngdc.noaa.gov
>>> <https://maps.ngdc.noaa.gov/>) has a
>>> valid CA certificate. I tried adding a SSL Server Configuration
>>> (preferences -> authentication -> Manage Certificates ->
>>> Server) and
>>> while the entry appears to be valid, I still get the SSL
>>> Handshake error
>>> when trying add a WMS layer.
>>>
>>> Any further ideas? Here’s the actual URL I’m trying to add:
>>>
>>> https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS
>>> <https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS>
>>>
>>> Thanks again for your help!
>>>
>>> —john
>>>
>>>
>>> On Jan 2, 2017, at 1:52 AM, Luigi Pirelli
>>> <luipir at gmail.com <mailto:luipir at gmail.com>
>>> <mailto:luipir at gmail.com <mailto:luipir at gmail.com>>> wrote:
>>>
>>> Hi John
>>>
>>> SSL is managed storing credentials using the QGIS
>>> Authentication
>>> Manager that store credentials in the same way as Firefox,
>>> in a master
>>> pwd crypted store in your $home/.qgis2/qgis-auth.db.
>>> You should managed credentials using
>>> Settings->options->authentication.
>>>
>>> QGIS uses OpenSSL => and specifically can import different
>>> king of
>>> credential method (using plugins => can be expanded). De
>>> default auth
>>> method installed are listed in the documentation:
>>> https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html
>>> <https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html>
>>>
>>> what is you auth method? can you explain the workflow you
>>> followed to
>>> store and use your credentials?
>>>
>>> regards
>>> Luigi Pirelli
>>>
>>> **************************************************************************************************
>>> * Boundless QGIS Support/Development: lpirelli AT
>>> boundlessgeo DOT com
>>> * LinkedIn: https://www.linkedin.com/in/luigipirelli
>>> <https://www.linkedin.com/in/luigipirelli>
>>> * Stackexchange:
>>> http://gis.stackexchange.com/users/19667/luigi-pirelli
>>> <http://gis.stackexchange.com/users/19667/luigi-pirelli>
>>> * GitHub: https://github.com/luipir
>>> * Mastering QGIS 2nd Edition:
>>> *
>>> https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
>>> <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
>>> **************************************************************************************************
>>>
>>>
>>> On 29 December 2016 at 22:38, John Cartwright
>>> <john.c.cartwright at comcast.net
>>> <mailto:john.c.cartwright at comcast.net>> wrote:
>>>
>>> Hello All,
>>>
>>> I’m trying to use a WMS service over https and get the
>>> following
>>> error when trying to connect:
>>>
>>> Failed to download capabilities:
>>> Download of capabilities failed: SSL handshake failed
>>>
>>> The URL works fine in a browser though. I’m guessing
>>> that QGIS and
>>> the server are not able to agree on a cipher suite.
>>> Can anyone tell
>>> me what ciphers QGIS supports or any way to get more
>>> insight into the
>>> underlying problem?
>>>
>>> QGIS is version 2.18.2.
>>>
>>> Thanks!
>>>
>>> —john
>>>
>>> _______________________________________________
>>> Qgis-user mailing list
>>> Qgis-user at lists.osgeo.org
>>> <mailto:Qgis-user at lists.osgeo.org>
>>> List info:
>>> http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>> Unsubscribe:
>>> http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Qgis-user mailing list
>>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>
>>>
>>> J. Gustavo
>>> --
>>> Jorge Gustavo Rocha
>>> Departamento de Informática
>>> Universidade do Minho
>>> 4710-057 Braga
>>> Tel: +351 253604480 <tel:%2B351%20253604480>
>>> Fax: +351 253604471 <tel:%2B351%20253604471>
>>> Móvel: +351 910333888 <tel:%2B351%20910333888>
>>> skype: nabocudnosor
>>>
>>>
>>> _______________________________________________
>>> Qgis-user mailing list
>>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>
>>>
>>> _______________________________________________
>>> Qgis-user mailing list
>>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>
>
> J. Gustavo
> --
> Jorge Gustavo Rocha
> Departamento de Informática
> Universidade do Minho
> 4710-057 Braga
> Tel: +351 253604480
> Fax: +351 253604471
> Móvel: +351 910333888
> skype: nabocudnosor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20170105/5fb36c5c/attachment.html>
More information about the Qgis-user
mailing list