QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8
-
I'm trying to run
quicksecureclientexample from the QtCoap package in 5.13 and connect to an existing Coap server.
Runningcoap-client -u <identity> -k <psk> coaps://192.168.1.3:5684/<url>works fine (where coap-client comes from libcoap.net)
However, thequicksecureclientdoesn't seem to work and fails at the handshake. After comparing the wireshark logs, I noticed that TLS_PSK_WITH_AES_128_CCM_8 is not in the list of Ciphers returned byconfiguration.supportedCiphers().
Any suggestions on how to add this?
I'm on Ubuntu 16.04, having OpenSSL version 1.0.2gThanks in advance,
Marc
-
In the meantime, I've upgraded to Openssl 1.1.1c which does support TLS_PSK_WITH_AES_128_CCM_8 . However,
configuration.supportedCiphers()does not seem to return this cipher.
Where does Qt gets its list of supported ciphers and how can I add one? -
And I'm one step further:
QSslSocket::sslLibraryBuildVersionString()still returns "OpenSSL 1.0.2k-fips 26 Jan 2017".
So somehow I should get Qt to load the 1.1 version. This should be possible according to the docs "By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time"
Question now is how to control the dynamic loading and to get Qt to load the OpenSSL 1.1 first -
What Qt version do you use? Support for OpenSsl 1.1 was added in 5.12 afaik.
Qt Online Installer direct download: https://download.qt.io/official_releases/online_installers/
Visit the Qt Academy at https://academy.qt.io/catalog -
I'm using Qt 5.13.0-rc. I have both OpenSSL 1.0.2 and OpenSSL 1.1.1 on my Ubuntu 16.04 system. Somehow, I have to point Qt to the correct version but I've played ao with LD_LIBRARY_PATH but with no success.
-
Ok, now the question is if your Qt is compiled with openssl 1.1 support.
-
What Qt version do you use? Support for OpenSsl 1.1 was added in 5.12 afaik.
@Christian-Ehrlicher said in QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8:
What Qt version do you use? Support for OpenSsl 1.1 was added in 5.12 afaik.
Nope, it was added in 5.10. The pre-built package were still built using 1.0 to avoid breaking the work of people relying on that version of OpenSSL.
@Marc_Van_Daele you can't just switch between one and the other, the API/ABI has been broken between OpenSSL 1.0 and 1.1.
You'll have to build your Qt version by hand to make it use OpenSSL 1.1
-
Thanks for the clarification!
The docs are a bit misleading when they state "By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time"
I've created https://bugreports.qt.io/browse/QTBUG-76290 since I think there is a mismatch between the default packaging in 5.13 (uses 1.0) and the requirements for the (new) QtCoap (needs 1.1)
