TLS initialization failed only on a particular machine
-
Hi guys!
I have this very strange situation. I have a Qt application that connects to a web server and I'm receiving the "TLS initialization failed" error but only in a particular machine (HP Z800 workstation with Windows 10 Pro latest version).
My application uses Qt 5.15.0 and I've included the OpenSSL 1.1.1 compiled libraries that come with Qt (C:\Qt\Qt5.15.0\Tools\OpenSSL\Win_x64\bin, in particular, the files libcrypto-1_1-x64.dll and libssl-1_1-x64.dll).
The weird thing is that it is failing only for this particular machine. Other machines in the same network are working just fine. The application has been distributed for months to a wide variety of users and this is the first time I have this problem. Could it be a bug of OpenSSL for that particular hardware configuration? How could I test that? Or what else could be happening?
I've already tried disabling the antivirus, the firewall, running as admin, running in compatibility mode - nothing worked. I'm running out of ideas so any help would be really appreciated!
-
Hi,
Just a wild idea, did you check the certificates installed on that machine ?
-
I'd start with checking If there's a certificate that is outdated or missing.
-
Having the same issue. Certificates seems to be valid (clean Win 10 Pro). Any other ideas ?
-
Having the same issue. Certificates seems to be valid (clean Win 10 Pro). Any other ideas ?
@Harry-Schneider said in TLS initialization failed only on a particular machine:
Any other ideas ?
You may want to use Wireshark to check the TLS handshake.
-
@Harry-Schneider said in TLS initialization failed only on a particular machine:
Any other ideas ?
You may want to use Wireshark to check the TLS handshake.
@Pablo-J-Rogina said in TLS initialization failed only on a particular machine:
@Harry-Schneider said in TLS initialization failed only on a particular machine:
Any other ideas ?
You may want to use Wireshark to check the TLS handshake.
Hi Pablo, thanks for the suggestion. I'm using WireShark to compare the packages between a request that is working and the one is failing, but I don't see any differences at first sight. Do you know if there's anything in particular that I could look for?
Here's the successful request:
And the one is failing:
-
@SGaist @Pablo-J-Rogina Do you know if there's a way to log more information about the error? Because I don't see anything wrong when I analyze the packages with WireShark. Right now I'm using poReply->errorString().
Does it make sense to try updating Qt 6.0? Do you know if the binaries for libcrypto and/or libssl have been updated since Qt 5.15.0? Any other ideas?
Thanks!
-
You test different versions of OpenSSL yourself. They are not linked just dynamically loaded and even if linked, you can switch them.
-
It worked by updating the OpenSSL binaries to OpenSSL 1.1.1j. So it's probably a bug that was solved in that version. Many thanks for the help! Hope this helps someone.
@fsinisi I had similar problem in the past and I found out that binaries for OpenSSL distributed with Qt are compiled used MSVC, they require additional libraries from MS. Some of the computers that were running my software had them, some of them not.
Problem was solved by using OpenSSL build with MinGW - no dependencies there. -
@artwaw Thanks for the tip!
In this particular case, I think the problem was related to the version because it started to work after updating to OpenSSL 1.1.1j instead of the version that comes with Qt 5.15.0 (which I think is OpenSSL 1.1.1g but I'm not sure now).
I compiled the libraries myself following the official guide which uses MSVC: https://github.com/openssl/openssl/blob/master/NOTES-WINDOWS.md
Anyway, your suggestion makes sense and it is definitely something to try as well if anyone has problems.
