SSL Handshake Failed in BB10 QNX Momentics IDE

Question

I'm trying to make a connection to a web service that uses SSL. I'm working with Blackberry 10 in C++ with the QNX IDE Momentics. The connection that I'm trying to do is as follows:

URL: "https://movilapi...."

Code:

networkAccessManager = new QNetworkAccessManager(this);
    bool res = connect(networkAccessManager, SIGNAL(finished(QNetworkReply*)),
            this, SLOT(requestFinished(QNetworkReply*)));

    Q_ASSERT(res);
    Q_UNUSED(res);

    QNetworkRequest request = QNetworkRequest(QUrl(url));
    request.setRawHeader("User-Agent", "bb-phone/20120910");
    request.setRawHeader("Content-Type", "application/json");
    request.setRawHeader("Content-Length", postDataSize);

    QSslConfiguration sslConfig = request.sslConfiguration();
    sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
    sslConfig.setProtocol(QSsl::TlsV1);
    request.setSslConfiguration(sslConfig);

        networkAccessManager->post(request, outData);

I'm always getting the same error no matter which service I try to reach. The response is: SSL handshake failed

Wireshark Info:

Protocol Length Info
SSLv2    157    Client Hello
TLSv1    1202   Server Hello, Certificate, Server Hello Done
TLSv1    449    Client Key Exchange
TLSv1    60     Change Cipher Spec
TLSv1    91     Encrypted Handshake Message
TLSv1    97     Change Cipher Spec, Encrypted Handshake Message
TLSv1    605    Application Data
TLSv1    280    Application Data
TLSv1    277    Application Data
TLSv1    121    Application Data
TLSv1    92     Application Data
TLSv1    297    Application Data, Application Data, Application Data, Application Data
TLSv1    77     Encrypted Alert

The Encrypted Alert content type is 21

The servers ciphersuites is in the list of supported ciphersuites of the client.

I'm using the following lib to make the connection: QtNetwork/qnetworkreply.h

I hope this new info improve the quality of the question.

Please help, I've been searching for hours without success.

Answer 1

After getting in touch with a few RIM personal about this particular issue we found out that the TLS/SSL server is intolerant of certain extensions, so with the following Qt code to disable transmission of extensions the connection was succesfully made through https:

QSslConfiguration cfg(request.sslConfiguration());
cfg.setSslOption(QSsl::SslOptionDisableSessionTickets, true);
request.setSslConfiguration(cfg);

I want to make special mention of the Application Development department of Research In Motion for the attention and the effort invested on this issue until we finally got the right way to go.

Below is the entire connection code in case that anybody is facing this need:

networkAccessManager = new QNetworkAccessManager(this);
bool res = connect(networkAccessManager, SIGNAL(finished(QNetworkReply*)),
            this, SLOT(requestFinished(QNetworkReply*)));    
QNetworkRequest request = QNetworkRequest(QUrl(url));
request.setRawHeader("User-Agent", "BB_PHONE/20120926");
request.setRawHeader("Content-Type", "application/json");
request.setRawHeader("Content-Length", postDataSize);

QSslConfiguration sslConfig = request.sslConfiguration();
sslConfig.setPeerVerifyMode(QSslSocket::VerifyNone);
sslConfig.setPeerVerifyDepth(1);
sslConfig.setProtocol(QSsl::TlsV1);
sslConfig.setSslOption(QSsl::SslOptionDisableSessionTickets, true);

request.setSslConfiguration(sslConfig);
networkAccessManager->post(request, outData);

Answer 2

Does your server support TLS v.1? Maybe it is configured only for SSLv2-3, or TLS v1.1-1.2 The other possible way is that there are no shared by client and server ciphersuites. Run Wireshark, it will show handshake packets exchange. There you can see supported ciphersuites, SSL/TLS versions and some other info.