Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8
Forum Updated to NodeBB v4.3 + New Features

QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8

Scheduled Pinned Locked Moved Solved General and Desktop
8 Posts 3 Posters 592 Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    Marc_Van_Daele
    wrote on 7 Jun 2019, 20:03 last edited by
    #1

    I'm trying to run quicksecureclient example from the QtCoap package in 5.13 and connect to an existing Coap server.
    Running coap-client -u <identity> -k <psk> coaps://192.168.1.3:5684/<url> works fine (where coap-client comes from libcoap.net)
    However, the quicksecureclient doesn't seem to work and fails at the handshake. After comparing the wireshark logs, I noticed that TLS_PSK_WITH_AES_128_CCM_8 is not in the list of Ciphers returned by configuration.supportedCiphers().
    Any suggestions on how to add this?
    I'm on Ubuntu 16.04, having OpenSSL version 1.0.2g

    Thanks in advance,

    Marc

    1 Reply Last reply
    0
    • M Offline
      M Offline
      Marc_Van_Daele
      wrote on 8 Jun 2019, 10:16 last edited by
      #2

      In the meantime, I've upgraded to Openssl 1.1.1c which does support TLS_PSK_WITH_AES_128_CCM_8 . However, configuration.supportedCiphers() does not seem to return this cipher.
      Where does Qt gets its list of supported ciphers and how can I add one?

      1 Reply Last reply
      0
      • M Offline
        M Offline
        Marc_Van_Daele
        wrote on 8 Jun 2019, 17:06 last edited by
        #3

        And I'm one step further: QSslSocket::sslLibraryBuildVersionString() still returns "OpenSSL 1.0.2k-fips 26 Jan 2017".
        So somehow I should get Qt to load the 1.1 version. This should be possible according to the docs "By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time"
        Question now is how to control the dynamic loading and to get Qt to load the OpenSSL 1.1 first

        1 Reply Last reply
        0
        • C Offline
          C Offline
          Christian Ehrlicher
          Lifetime Qt Champion
          wrote on 8 Jun 2019, 17:57 last edited by
          #4

          What Qt version do you use? Support for OpenSsl 1.1 was added in 5.12 afaik.

          Qt Online Installer direct download: https://download.qt.io/official_releases/online_installers/
          Visit the Qt Academy at https://academy.qt.io/catalog

          S 1 Reply Last reply 8 Jun 2019, 19:17
          0
          • M Offline
            M Offline
            Marc_Van_Daele
            wrote on 8 Jun 2019, 18:29 last edited by
            #5

            I'm using Qt 5.13.0-rc. I have both OpenSSL 1.0.2 and OpenSSL 1.1.1 on my Ubuntu 16.04 system. Somehow, I have to point Qt to the correct version but I've played ao with LD_LIBRARY_PATH but with no success.

            1 Reply Last reply
            0
            • C Offline
              C Offline
              Christian Ehrlicher
              Lifetime Qt Champion
              wrote on 8 Jun 2019, 19:10 last edited by
              #6

              Ok, now the question is if your Qt is compiled with openssl 1.1 support.

              Qt Online Installer direct download: https://download.qt.io/official_releases/online_installers/
              Visit the Qt Academy at https://academy.qt.io/catalog

              1 Reply Last reply
              0
              • C Christian Ehrlicher
                8 Jun 2019, 17:57

                What Qt version do you use? Support for OpenSsl 1.1 was added in 5.12 afaik.

                S Offline
                S Offline
                SGaist
                Lifetime Qt Champion
                wrote on 8 Jun 2019, 19:17 last edited by
                #7

                @Christian-Ehrlicher said in QtCoap: Missing SSLCipher TLS_PSK_WITH_AES_128_CCM_8:

                What Qt version do you use? Support for OpenSsl 1.1 was added in 5.12 afaik.

                Nope, it was added in 5.10. The pre-built package were still built using 1.0 to avoid breaking the work of people relying on that version of OpenSSL.

                @Marc_Van_Daele you can't just switch between one and the other, the API/ABI has been broken between OpenSSL 1.0 and 1.1.

                You'll have to build your Qt version by hand to make it use OpenSSL 1.1

                Interested in AI ? www.idiap.ch
                Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                1 Reply Last reply
                1
                • M Offline
                  M Offline
                  Marc_Van_Daele
                  wrote on 8 Jun 2019, 19:44 last edited by
                  #8

                  Thanks for the clarification!

                  The docs are a bit misleading when they state "By default, an SSL-enabled Qt library dynamically loads any installed OpenSSL library at run-time"

                  I've created https://bugreports.qt.io/browse/QTBUG-76290 since I think there is a mismatch between the default packaging in 5.13 (uses 1.0) and the requirements for the (new) QtCoap (needs 1.1)

                  1 Reply Last reply
                  0

                  4/8

                  8 Jun 2019, 17:57

                  • Login

                  • Login or register to search.
                  4 out of 8
                  • First post
                    4/8
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Users
                  • Groups
                  • Search
                  • Get Qt Extensions
                  • Unsolved