The site download.qt.io seems to apply some mirror-via-HTTP-redirect scheme which, unfortunately, seems broken (and therefore annoyingly slow) for non-SSL-secured URLs.
Now SHA256 has been shown to be an adequate replacement for SHA1, use SHA256 for verifying all port downloads. Ref #2767
Fixes #2792