Hi John, On Thu, Jan 5, 2017 at 11:23 AM, John Cartwright < [email protected]> wrote:
> Thanks. I used wireshark to trace the session and it appears that QGIS is > attempting to make the connection with TLSv1 which I think is at least part > of the problem. > > Can either of you tell me what protocol and cipher suites you’re using? > what OS you’re running on? Is there anyway to force QGIS to use a > different protocol? > In Options -> Authentication -> Manage Certificates -> Servers, which is where SSL Server configurations are listed after they are optionally created in the SSL Error dialog. In an SSL Server configuration, you can set the protocol, though I am unsure why you would *not* want to use TLSv1, since the SSLv2|3 protocols have known vulnerabilities. http://drive.dakotacarto.com/qgis/qgis2-ssl-protocols.png Cipher suites are a bit harder to manage. Although one could use QSslConfiguration::setCiphers(), this is not supported in QGIS's SSL server configurations [0]. I believe you would need to do this via OpenSSL configuration. [0] http://doc.qt.io/qt-4.8/qsslconfiguration.html#setCiphers Regards, Larry Shaffer Dakota Cartography Black Hills, South Dakota > Thanks! > > —john > > On Jan 4, 2017, at 1:59 AM, Pasquale Di Donato < > [email protected]> wrote: > > Hi John, > > I can access your service too. Using QGIS 2.14.8. > Maybe you have an issue with a proxy? > > Pasquale > > On Wed, Jan 4, 2017 at 12:57 AM, Jorge Gustavo Rocha <[email protected]> > wrote: > >> Hi John, >> >> I've added your WMS service and it works without any problem. I've just >> added the url and the connect works. The capabilities are displayed. >> >> You can check the print screen [1] with your https WMS layer. >> >> I'm using QGIS 2.18.2 on Ubuntu. Which OS are you using? >> >> Regards, >> >> Jorge Gustavo >> >> [1] http://webgis.di.uminho.pt/~jgr/wms%20with%20https.png >> >> >> Às 17:42 de 03-01-2017, John Cartwright escreveu: >> >>> Thanks for your reply Luigi! To be clear, the WMS service that I’m >>> trying to connect to does not require a username/password but is only >>> available via https. The server (https://maps.ngdc.noaa.gov) has a >>> valid CA certificate. I tried adding a SSL Server Configuration >>> (preferences -> authentication -> Manage Certificates -> Server) and >>> while the entry appears to be valid, I still get the SSL Handshake error >>> when trying add a WMS layer. >>> >>> Any further ideas? Here’s the actual URL I’m trying to add: >>> >>> https://maps.ngdc.noaa.gov/arcgis/services/gebco08_hillshade >>> /MapServer/WMSServer?request=GetCapabilities&service=WMS >>> >>> Thanks again for your help! >>> >>> —john >>> >>> >>> On Jan 2, 2017, at 1:52 AM, Luigi Pirelli <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi John >>>> >>>> SSL is managed storing credentials using the QGIS Authentication >>>> Manager that store credentials in the same way as Firefox, in a master >>>> pwd crypted store in your $home/.qgis2/qgis-auth.db. >>>> You should managed credentials using Settings->options->authentication. >>>> >>>> QGIS uses OpenSSL => and specifically can import different king of >>>> credential method (using plugins => can be expanded). De default auth >>>> method installed are listed in the documentation: >>>> https://docs.qgis.org/2.14/en/docs/user_manual/auth_system/a >>>> uth_overview.html >>>> >>>> what is you auth method? can you explain the workflow you followed to >>>> store and use your credentials? >>>> >>>> regards >>>> Luigi Pirelli >>>> >>>> ************************************************************ >>>> ************************************** >>>> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com >>>> * LinkedIn: https://www.linkedin.com/in/luigipirelli >>>> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli >>>> * GitHub: https://github.com/luipir >>>> * Mastering QGIS 2nd Edition: >>>> * >>>> https://www.packtpub.com/big-data-and-business-intelligence/ >>>> mastering-qgis-second-edition >>>> ************************************************************ >>>> ************************************** >>>> >>>> >>>> On 29 December 2016 at 22:38, John Cartwright >>>> <[email protected]> wrote: >>>> >>>>> Hello All, >>>>> >>>>> I’m trying to use a WMS service over https and get the following >>>>> error when trying to connect: >>>>> >>>>> Failed to download capabilities: >>>>> Download of capabilities failed: SSL handshake failed >>>>> >>>>> The URL works fine in a browser though. I’m guessing that QGIS and >>>>> the server are not able to agree on a cipher suite. Can anyone tell >>>>> me what ciphers QGIS supports or any way to get more insight into the >>>>> underlying problem? >>>>> >>>>> QGIS is version 2.18.2. >>>>> >>>>> Thanks! >>>>> >>>>> —john >>>>> >>>>> _______________________________________________ >>>>> Qgis-user mailing list >>>>> [email protected] >>>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user >>>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user >>>>> >>>> >>> >>> >>> _______________________________________________ >>> Qgis-user mailing list >>> [email protected] >>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user >>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user >>> >>> >> J. Gustavo >> -- >> Jorge Gustavo Rocha >> Departamento de Informática >> Universidade do Minho >> 4710-057 Braga >> Tel: +351 253604480 >> Fax: +351 253604471 >> Móvel: +351 910333888 >> skype: nabocudnosor >> >> >> _______________________________________________ >> Qgis-user mailing list >> [email protected] >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-user >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user >> > > _______________________________________________ > Qgis-user mailing list > [email protected] > List info: http://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user > > > > _______________________________________________ > Qgis-user mailing list > [email protected] > List info: http://lists.osgeo.org/mailman/listinfo/qgis-user > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user >
_______________________________________________ Qgis-user mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-user
