doc.qt.io SSL cypher issue - cannot access with Firefox on EL6



  • Hi

    Our developers have started reporting problems accessing https://doc.qt.io using Firefox 60 ESR on EL 6.10:

    An error occurred during a connection to doc.qt.io. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

    It looks like the site only supports two cyphers, neither of which are supported by the latest NSS on EL 6.10:

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

    Is this intentional because it excludes anyone using Red Hat 6 / CentOS 6 / Scientific Linux 6?

    Rob



  • Qt provides local documentation which can be used from Qt Creator or Assistant, it requires no Internet access at all



  • Thanks for the reply. For sure I'll suggest that. I'm just hoping to alert someone of the possible misconfiguration of the docs.qt.io subdomain as enforcing SSL with only TLS 1.2 and 2 ciphers will probably prevent access from more platforms than just this case.



  • It's been resolved with 2 extra cipher suites added :-)

    | ssl-enum-ciphers:
    | TLSv1.2:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
    | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A


Log in to reply