[Qgis-user] WMS via https - "SSL handshake failed"
Jorge Gustavo Rocha
jgr at di.uminho.pt
Fri Jan 6 02:13:32 PST 2017
Hi John,
I was able to use the https WMS server on Ubuntu and on Windows.
=== Ubuntu 16.04.1 LTS, QGIS 64 bit:
QGIS version
2.18.2
QGIS code revision
102ee87
Compiled against Qt
4.8.7
Running against Qt
4.8.7
Compiled against GDAL/OGR
1.11.3
Running against GDAL/OGR
1.11.3
Compiled against GEOS
3.5.0-CAPI-1.9.0
Running against GEOS
3.5.0-CAPI-1.9.0 r4084
PostgreSQL Client Version
9.5.2
SpatiaLite Version
4.3.0a
QWT Version
5.2.3
PROJ.4 Version
492
QScintilla2 Version
2.9.1
=== Windows 10, QGIS 64 bit:
QGIS version
2.18.0
QGIS code revision
0332f5a
Compiled against Qt
4.8.5
Running against Qt
4.8.5
Compiled against GDAL/OGR
2.1.1
Running against GDAL/OGR
2.1.1
Compiled against GEOS
3.5.0-CAPI-1.9.0
Running against GEOS
3.5.0-CAPI-1.9.0 r4084
PostgreSQL Client Version
9.2.4
SpatiaLite Version
4.3.0
QWT Version
5.2.3
PROJ.4 Version
493
QScintilla2 Version
2.7.2
Regards,
Jorge
Às 00:04 de 06-01-2017, John Cartwright escreveu:
> Thanks Jorge, that helps confirm my suspicion. Are you running on
> linux? Based on this ticket (https://hub.qgis.org/issues/11473), it
> sounds like the supported protocols may be dependent on the version of
> Qt that QGIS is using. Do you happen to know which version you’re using?
>
> —john
>
>> On Jan 5, 2017, at 4:30 PM, Jorge Gustavo Rocha <jgr at di.uminho.pt
>> <mailto:jgr at di.uminho.pt>> wrote:
>>
>> Hi John,
>>
>> I've captured QGIS packets to/from the WMS service, after clicking
>> "Connect" on QGIS (to get the capabilities document).
>>
>> The print screen is available at [1].
>>
>> Wireshark reports the protocol as TLSv1.2.
>>
>> Regards,
>>
>> Jorge
>>
>> [1] http://webgis.di.uminho.pt/~jgr/qgis-connect-https-wms-service.png
>>
>>
>> Às 18:23 de 05-01-2017, John Cartwright escreveu:
>>> Thanks. I used wireshark to trace the session and it appears that QGIS
>>> is attempting to make the connection with TLSv1 which I think is at
>>> least part of the problem.
>>>
>>> Can either of you tell me what protocol and cipher suites you’re using?
>>> what OS you’re running on? Is there anyway to force QGIS to use a
>>> different protocol?
>>>
>>> Thanks!
>>>
>>> —john
>>>
>>>> On Jan 4, 2017, at 1:59 AM, Pasquale Di Donato
>>>> <pasquale.didonato at gmail.com <mailto:pasquale.didonato at gmail.com>
>>>> <mailto:pasquale.didonato at gmail.com>> wrote:
>>>>
>>>> Hi John,
>>>>
>>>> I can access your service too. Using QGIS 2.14.8.
>>>> Maybe you have an issue with a proxy?
>>>>
>>>> Pasquale
>>>>
>>>> On Wed, Jan 4, 2017 at 12:57 AM, Jorge Gustavo Rocha
>>>> <jgr at di.uminho.pt <mailto:jgr at di.uminho.pt>
>>>> <mailto:jgr at di.uminho.pt>> wrote:
>>>>
>>>> Hi John,
>>>>
>>>> I've added your WMS service and it works without any problem. I've
>>>> just added the url and the connect works. The capabilities are
>>>> displayed.
>>>>
>>>> You can check the print screen [1] with your https WMS layer.
>>>>
>>>> I'm using QGIS 2.18.2 on Ubuntu. Which OS are you using?
>>>>
>>>> Regards,
>>>>
>>>> Jorge Gustavo
>>>>
>>>> [1] http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png
>>>> <http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png>
>>>>
>>>>
>>>> Às 17:42 de 03-01-2017 <tel:03-01-2017>, John Cartwright escreveu:
>>>>
>>>> Thanks for your reply Luigi! To be clear, the WMS service
>>>> that I’m
>>>> trying to connect to does not require a username/password but
>>>> is only
>>>> available via https. The server (https://maps.ngdc.noaa.gov
>>>> <https://maps.ngdc.noaa.gov/>) has a
>>>> valid CA certificate. I tried adding a SSL Server Configuration
>>>> (preferences -> authentication -> Manage Certificates ->
>>>> Server) and
>>>> while the entry appears to be valid, I still get the SSL
>>>> Handshake error
>>>> when trying add a WMS layer.
>>>>
>>>> Any further ideas? Here’s the actual URL I’m trying to add:
>>>>
>>>> https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS
>>>> <https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade/MapServer/WMSServer?request=GetCapabilities&service=WMS>
>>>>
>>>> Thanks again for your help!
>>>>
>>>> —john
>>>>
>>>>
>>>> On Jan 2, 2017, at 1:52 AM, Luigi Pirelli
>>>> <luipir at gmail.com <mailto:luipir at gmail.com>
>>>> <mailto:luipir at gmail.com>
>>>> <mailto:luipir at gmail.com <mailto:luipir at gmail.com>>> wrote:
>>>>
>>>> Hi John
>>>>
>>>> SSL is managed storing credentials using the QGIS
>>>> Authentication
>>>> Manager that store credentials in the same way as Firefox,
>>>> in a master
>>>> pwd crypted store in your $home/.qgis2/qgis-auth.db.
>>>> You should managed credentials using
>>>> Settings->options->authentication.
>>>>
>>>> QGIS uses OpenSSL => and specifically can import different
>>>> king of
>>>> credential method (using plugins => can be expanded). De
>>>> default auth
>>>> method installed are listed in the documentation:
>>>> https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html
>>>> <https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/auth_overview.html>
>>>>
>>>> what is you auth method? can you explain the workflow you
>>>> followed to
>>>> store and use your credentials?
>>>>
>>>> regards
>>>> Luigi Pirelli
>>>>
>>>> **************************************************************************************************
>>>> * Boundless QGIS Support/Development: lpirelli AT
>>>> boundlessgeo DOT com
>>>> * LinkedIn: https://www.linkedin.com/in/luigipirelli
>>>> <https://www.linkedin.com/in/luigipirelli>
>>>> * Stackexchange:
>>>> http://gis.stackexchange.com/users/19667/luigi-pirelli
>>>> <http://gis.stackexchange.com/users/19667/luigi-pirelli>
>>>> * GitHub: https://github.com/luipir
>>>> * Mastering QGIS 2nd Edition:
>>>> *
>>>> https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition
>>>> <https://www.packtpub.com/big-data-and-business-intelligence/mastering-qgis-second-edition>
>>>> **************************************************************************************************
>>>>
>>>>
>>>> On 29 December 2016 at 22:38, John Cartwright
>>>> <john.c.cartwright at comcast.net
>>>> <mailto:john.c.cartwright at comcast.net>
>>>> <mailto:john.c.cartwright at comcast.net>> wrote:
>>>>
>>>> Hello All,
>>>>
>>>> I’m trying to use a WMS service over https and get the
>>>> following
>>>> error when trying to connect:
>>>>
>>>> Failed to download capabilities:
>>>> Download of capabilities failed: SSL handshake failed
>>>>
>>>> The URL works fine in a browser though. I’m guessing
>>>> that QGIS and
>>>> the server are not able to agree on a cipher suite.
>>>> Can anyone tell
>>>> me what ciphers QGIS supports or any way to get more
>>>> insight into the
>>>> underlying problem?
>>>>
>>>> QGIS is version 2.18.2.
>>>>
>>>> Thanks!
>>>>
>>>> —john
>>>>
>>>> _______________________________________________
>>>> Qgis-user mailing list
>>>> Qgis-user at lists.osgeo.org
>>>> <mailto:Qgis-user at lists.osgeo.org>
>>>> <mailto:Qgis-user at lists.osgeo.org>
>>>> List info:
>>>> http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>> Unsubscribe:
>>>> http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Qgis-user mailing list
>>>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>>> <mailto:Qgis-user at lists.osgeo.org>
>>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>>
>>>>
>>>> J. Gustavo
>>>> --
>>>> Jorge Gustavo Rocha
>>>> Departamento de Informática
>>>> Universidade do Minho
>>>> 4710-057 Braga
>>>> Tel: +351 253604480 <tel:%2B351%20253604480>
>>>> Fax: +351 253604471 <tel:%2B351%20253604471>
>>>> Móvel: +351 910333888 <tel:%2B351%20910333888>
>>>> skype: nabocudnosor
>>>>
>>>>
>>>> _______________________________________________
>>>> Qgis-user mailing list
>>>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>>> <mailto:Qgis-user at lists.osgeo.org>
>>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> <http://lists.osgeo.org/mailman/listinfo/qgis-user>
>>>>
>>>>
>>>> _______________________________________________
>>>> Qgis-user mailing list
>>>> Qgis-user at lists.osgeo.org <mailto:Qgis-user at lists.osgeo.org>
>>>> <mailto:Qgis-user at lists.osgeo.org>
>>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
>>>
>>
>> J. Gustavo
>> --
>> Jorge Gustavo Rocha
>> Departamento de Informática
>> Universidade do Minho
>> 4710-057 Braga
>> Tel: +351 253604480
>> Fax: +351 253604471
>> Móvel: +351 910333888
>> skype: nabocudnosor
>
J. Gustavo
--
Jorge Gustavo Rocha
Departamento de Informática
Universidade do Minho
4710-057 Braga
Tel: +351 253604480
Fax: +351 253604471
Móvel: +351 910333888
skype: nabocudnosor
More information about the Qgis-user
mailing list