Your ciphers are too good for the server - it wants terrible ones. eg. RC4-MD5:
openssl s_client -connect www.webnotes.cz:443 -cipher RC4-MD5 Cheers Rich. On 28 March 2017 at 17:41, Thiago Macieira <thiago.macie...@intel.com> wrote: > On terça-feira, 28 de março de 2017 09:39:41 PDT Thiago Macieira wrote: > > On terça-feira, 28 de março de 2017 09:28:17 PDT Richard Moore wrote: > > > There isn't a bug in Qt here. The server isn't transmitting the full > > > chain > > > as it's required to. You can bypass the error in the normal way if you > > > really need to - read the docs. > > > > I did get a cert-invalid error with GnuTLS, but OpenSSL didn't get even > that > > far. The connection breaks down during the handshake phase. > > > > Packet capture shows the client sent Client Hello and then the connection > > was immediately torn down by the server (TCP FIN). The Hello was: > > > > SSL Record Layer: Handshake Protocol: Client Hello > > Content Type: Handshake (22) > > Version: TLS 1.0 (0x0301) > > Length: 312 > > Handshake Protocol: Client Hello > > Handshake Type: Client Hello (1) > > Length: 308 > > Version: TLS 1.2 (0x0303) > > Random > > Session ID Length: 0 > > Cipher Suites Length: 170 > > Cipher Suites (85 suites) > > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > (0xc02c) > > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > (0xc024) > > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) > > Cipher Suite: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0x00a5) > > Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3) > > Cipher Suite: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0x00a1) > > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) > > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) > > Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) > > Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) > > Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) > > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) > > Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) > > Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) > > Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) > > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) > > Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) > > Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086) > > Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085) > > Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 > (0xc02e) > > Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 > (0xc026) > > Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) > > Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) > > Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) > > Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) > > Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) > > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 > (0xc02b) > > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > (0xc023) > > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) > > Cipher Suite: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4) > > Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2) > > Cipher Suite: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0x00a0) > > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) > > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) > > Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040) > > Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f) > > Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e) > > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) > > Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) > > Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031) > > Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030) > > Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a) > > Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099) > > Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098) > > Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097) > > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) > > Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) > > Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043) > > Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042) > > Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 > (0xc02d) > > Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 > (0xc025) > > Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) > > Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) > > Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) > > Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) > > Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096) > > Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) > > Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) > > Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002) > > Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) > > Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) > > Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) > > Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) > > Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) > > Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) > > Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010) > > Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d) > > Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) > > Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) > > Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) > > Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) > > Compression Methods Length: 1 > > Compression Methods (1 method) > > Compression Method: null (0) > > Extensions Length: 97 > > Extension: server_name > > Type: server_name (0x0000) > > Length: 20 > > Server Name Indication extension > > Extension: ec_point_formats > > Type: ec_point_formats (0x000b) > > Length: 4 > > EC point formats Length: 3 > > Elliptic curves point formats (3) > > Extension: elliptic_curves > > Type: elliptic_curves (0x000a) > > Length: 16 > > Elliptic Curves Length: 14 > > Elliptic curves (7 curves) > > Elliptic curve: secp256r1 (0x0017) > > Elliptic curve: secp521r1 (0x0019) > > Elliptic curve: brainpoolP512r1 (0x001c) > > Elliptic curve: brainpoolP384r1 (0x001b) > > Elliptic curve: secp384r1 (0x0018) > > Elliptic curve: brainpoolP256r1 (0x001a) > > Elliptic curve: secp256k1 (0x0016) > > Extension: SessionTicket TLS > > Type: SessionTicket TLS (0x0023) > > Length: 0 > > Data (0 bytes) > > Extension: signature_algorithms > > Type: signature_algorithms (0x000d) > > Length: 32 > > Signature Hash Algorithms Length: 30 > > Signature Hash Algorithms (15 algorithms) > > Extension: Heartbeat > > Type: Heartbeat (0x000f) > > Length: 1 > > Mode: Peer allowed to send requests (1) > > For reference, the GnuTLS Hello: > > TLSv1 Record Layer: Handshake Protocol: Client Hello > Content Type: Handshake (22) > Version: TLS 1.0 (0x0301) > Length: 257 > Handshake Protocol: Client Hello > Handshake Type: Client Hello (1) > Length: 253 > Version: TLS 1.2 (0x0303) > Random > Session ID Length: 0 > Cipher Suites Length: 114 > Cipher Suites (57 suites) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 > (0xc087) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 > (0xcca9) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 > (0xc073) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 > (0xc086) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 > (0xc072) > Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) > Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 > (0xc08b) > Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > (0xcca8) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) > Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 > (0xc077) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) > Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 > (0xc08a) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) > Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 > (0xc076) > Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) > Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) > Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b) > Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d) > Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) > Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) > Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) > Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0) > Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) > Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a) > Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c) > Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) > Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) > Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) > Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba) > Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 > (0xc07d) > Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 > (0xccaa) > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f) > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) > Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 > (0x00c4) > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 > (0xc07c) > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e) > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) > Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) > Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 > (0x00be) > Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) > Compression Methods Length: 1 > Compression Methods (1 method) > Compression Method: null (0) > Extensions Length: 98 > Extension: Extended Master Secret > Type: Extended Master Secret (0x0017) > Length: 0 > Extension: encrypt then mac > Type: encrypt then mac (0x0016) > Length: 0 > Data (0 bytes) > Extension: status_request > Type: status_request (0x0005) > Length: 5 > Certificate Status Type: OCSP (1) > Responder ID list Length: 0 > Request Extensions Length: 0 > Extension: server_name > Type: server_name (0x0000) > Length: 20 > Server Name Indication extension > Extension: renegotiation_info > Type: renegotiation_info (0xff01) > Length: 1 > Renegotiation Info extension > Extension: SessionTicket TLS > Type: SessionTicket TLS (0x0023) > Length: 0 > Data (0 bytes) > Extension: elliptic_curves > Type: elliptic_curves (0x000a) > Length: 12 > Elliptic Curves Length: 10 > Elliptic curves (5 curves) > Elliptic curve: secp256r1 (0x0017) > Elliptic curve: secp384r1 (0x0018) > Elliptic curve: secp521r1 (0x0019) > Elliptic curve: secp224r1 (0x0015) > Elliptic curve: secp192r1 (0x0013) > Extension: ec_point_formats > Type: ec_point_formats (0x000b) > Length: 2 > EC point formats Length: 1 > Elliptic curves point formats (1) > Extension: signature_algorithms > Type: signature_algorithms (0x000d) > Length: 22 > Signature Hash Algorithms Length: 20 > Signature Hash Algorithms (10 algorithms) > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel Open Source Technology Center > > _______________________________________________ > Interest mailing list > Interest@qt-project.org > http://lists.qt-project.org/mailman/listinfo/interest >
_______________________________________________ Interest mailing list Interest@qt-project.org http://lists.qt-project.org/mailman/listinfo/interest
