Problems connection to WSS with QWebSocket

  • Hi,

    I'm trying to implement a client using QWebSocket to connect to various WSS servers. It works without any problems on all servers but one. That one problematic server never invokes "connected" signal while "disconnected" is invoked just after "error" signal. The captured error is:
    "Error during SSL handshake: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version"

    QWebSocket* socket = new QWebSocket();
    connect( socket, &QWebSocket::connected, this, [=]() 
        qInfo() << "connected"; 
    connect( socket, &QWebSocket::disconnected, this, [=]() { 
        QString err = ((QWebSocket*)sender())->errorString();
        qInfo() << "disconnected" << err; 
    connect( socket, QOverload<QAbstractSocket::SocketError>::of(&QWebSocket::error), [socket](QAbstractSocket::SocketError error) { 
        qInfo() << "error";
    typedef void (QWebSocket:: *sslErrorsSignal)(const QList<QSslError> &);
    connect( socket, static_cast<sslErrorsSignal>(&QWebSocket::sslErrors), this, [socket]( const QList<QSslError> &errors )
        socket->ignoreSslErrors( errors );
    socket->open( QUrl("wss://") );

    I have the latest OpenSSL installed, and environment is set to point to openssl's bin folder. I even tried copying all dlls from bin folder into Debug folder. No difference.

    I didn't need to install OpenSSL specifically (however it might be part of the system) to successfully connect to other servers. If I try to connect to the same server with NodeJS it works just fine.

    I get some warnings when starting the application, before even trying to connect to the server. So far there was no problems with SSL and I ignored it. QSslSocket: cannot resolve TLSv1_1_client_method QSslSocket: cannot resolve TLSv1_2_client_method QSslSocket: cannot resolve TLSv1_1_server_method QSslSocket: cannot resolve TLSv1_2_server_method QSslSocket: cannot resolve SSL_select_next_proto QSslSocket: cannot resolve SSL_CTX_set_next_proto_s QSslSocket: cannot resolve SSL_get0_next_proto_nego QSslSocket: cannot resolve SSL_set_alpn_protos QSslSocket: cannot resolve SSL_CTX_set_alpn_select_ QSslSocket: cannot resolve SSL_get0_alpn_selected

    Further: QSslSocket::sslLibraryBuildVersionString returns "OpenSSL 1.0.2j 26 Sep 2016".

    Server is a public service and I have no control over it. Locally I'm running the client on windows7 64bit.

    I tried ignoring the SSL errors but nothing happened. Code excerpt:

    typedef void (QWebSocket:: *sslErrorsSignal)(const QList<QSslError> &);
    connect( socket, static_cast<sslErrorsSignal>(&QWebSocket::sslErrors), this, [=]( const QList<QSslError> &errors )

    QSslSocket::supportsSsl() returns true.

    Is there anything else I need to do? Like load certificate? Do I need to set up OpenSSL? I don't have any clues left.
    Any help would be welcome?


  • Moderators

    what version of Qt are you using?

  • I'm using Qt 5.10.1

  • @erazem said in Problems connection to WSS with QWebSocket:

    Error during SSL handshake: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

    You may need to look for more information about this error that OpenSSL is showing. At first glance, it looks like a handshake error i.e. your Qt client (which works fine with other servers) cannot work with this one. See this answer for instance.

    Given you cannot control the server, you may want to use openssl as stated in the answer to at least check/confirm that you can connect with a particular protocol version, see this answer which points ... is alerting you that the server doesn't want to talk TLS v1.0 so when you find a proper protocol that server accepts, you need to set it in the QSSLSocket your QWebsocket is using.

  • Ok, thanks for the reply. It pointed me in the correct direction and after many failures I finally figured it out.
    I guess you only learn when you need to dig deep.

    The only thing I had to do was install the correct version of openSSL. Since it is my first time I had no idea what the letter actually meant, I picked the first build, which was version g, I had to install version n.

    For all future wanderers, the only thing you need to do to make the client work is one of the two options:

    1. Just copy ssleay32.dll and libeay32.dll to working directory OR
    2. Install the latest version and set PATH to the folder where the two dlls are located.

    After that you can use QWebSocket without even knowing SSL exists. Just call:

    QWebSocket socket; QUrl("someaddress") );

    And, when the dlls are found the warnings disappear.

    That's it.

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.