
QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8



  • I'm trying to run the quicksecureclient example from the QtCoap package in 5.13 and connect to an existing CoAP server.
    Running coap-client -u <identity> -k <psk> coaps://192.168.1.3:5684/<url> works fine (where coap-client comes from libcoap.net).
    However, the quicksecureclient doesn't seem to work and fails at the handshake. After comparing the Wireshark logs, I noticed that TLS_PSK_WITH_AES_128_CCM_8 is not in the list of ciphers returned by configuration.supportedCiphers().
    Any suggestions on how to add this?
    I'm on Ubuntu 16.04, having OpenSSL version 1.0.2g

    Thanks in advance,

    Marc



  • In the meantime, I've upgraded to OpenSSL 1.1.1c, which does support TLS_PSK_WITH_AES_128_CCM_8. However, configuration.supportedCiphers() does not seem to return this cipher.
    Where does Qt get its list of supported ciphers and how can I add one?



  • And I'm one step further: QSslSocket::sslLibraryBuildVersionString() still returns "OpenSSL 1.0.2k-fips 26 Jan 2017".
    So somehow I should get Qt to load the 1.1 version. This should be possible according to the docs: "By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time".
    The question now is how to control the dynamic loading and to get Qt to load OpenSSL 1.1 first.


  • Lifetime Qt Champion

    What Qt version do you use? Support for OpenSSL 1.1 was added in 5.12 afaik.



  • I'm using Qt 5.13.0-rc. I have both OpenSSL 1.0.2 and OpenSSL 1.1.1 on my Ubuntu 16.04 system. Somehow, I have to point Qt to the correct version but I've played ao with LD_LIBRARY_PATH but with no success.


  • Lifetime Qt Champion

    Ok, now the question is if your Qt is compiled with OpenSSL 1.1 support.


  • Lifetime Qt Champion

    @Christian-Ehrlicher said in QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8:

    What Qt version do you use? Support for OpenSSL 1.1 was added in 5.12 afaik.

    Nope, it was added in 5.10. The pre-built packages were still built using 1.0 to avoid breaking the work of people relying on that version of OpenSSL.

    @Marc_Van_Daele you can't just switch between one and the other, the API/ABI has been broken between OpenSSL 1.0 and 1.1.

    You'll have to build your Qt version by hand to make it use OpenSSL 1.1



  • Thanks for the clarification!

    The docs are a bit misleading when they state "By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time"

    I've created https://bugreports.qt.io/browse/QTBUG-76290 since I think there is a mismatch between the default packaging in 5.13 (uses 1.0) and the requirements for the (new) QtCoap (needs 1.1)
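
A diagnostic for the situation in this thread, added here as an example and not taken from any of the posts or from Qt: it compares the OpenSSL series in the string reported by QSslSocket::sslLibraryBuildVersionString() with the libcrypto builds that can actually be loaded on the machine. The function names and the soname table are assumptions of this example (standard Linux sonames for the 1.0.x and 1.1.x series).

```python
import ctypes
import re

# Assumed Linux sonames per OpenSSL ABI series; 1.0.x and 1.1.x are not
# interchangeable, so a Qt built against one cannot use the other.
CANDIDATES = {
    "1.0": "libcrypto.so.1.0.0",
    "1.1": "libcrypto.so.1.1",
}


def abi_series(version_string):
    """'OpenSSL 1.0.2k-fips 26 Jan 2017' -> '1.0'; None if unparseable."""
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.", version_string)
    return f"{m.group(1)}.{m.group(2)}" if m else None


def runtime_version(libcrypto_name):
    """Version string of a loadable libcrypto, or None if it cannot be loaded."""
    try:
        lib = ctypes.CDLL(libcrypto_name)
    except OSError:
        return None
    # OpenSSL_version() exists from 1.1.0 on; 1.0.x exports SSLeay_version().
    for symbol in ("OpenSSL_version", "SSLeay_version"):
        fn = getattr(lib, symbol, None)
        if fn is not None:
            fn.restype = ctypes.c_char_p
            fn.argtypes = [ctypes.c_int]
            return fn(0).decode()  # type 0 = the "OpenSSL x.y.z ..." string
    return None


def diagnose(qt_build_string):
    """Report which installed OpenSSL, if any, matches the series Qt was built for."""
    wanted = abi_series(qt_build_string)
    installed = {s: runtime_version(name) for s, name in CANDIDATES.items()}
    return {
        "qt_built_against": wanted,
        "installed": installed,
        "usable_by_this_qt": installed.get(wanted),
    }


if __name__ == "__main__":
    # Build string as reported in the thread.
    report = diagnose("OpenSSL 1.0.2k-fips 26 Jan 2017")
    for key, value in report.items():
        print(f"{key}: {value}")
```

If "usable_by_this_qt" names a 1.0.x library while a 1.1.x one is also listed under "installed", the Qt build is the limiting factor, not the library search path.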

