Skip to content
This repository has been archived by the owner on Sep 20, 2021. It is now read-only.

TLS Support #77

Open
Pierozi opened this issue Oct 5, 2016 · 10 comments
Open

TLS Support #77

Pierozi opened this issue Oct 5, 2016 · 10 comments

Comments

@Pierozi
Copy link
Member

Pierozi commented Oct 5, 2016

The TLS support of WebSocket is partially working.
The enableEncryption method was forgot in Server side.

I've open a PR with demo on my Fork for trying to make it work. (certificate included)
Once the enableEncryption are fix; the php client are working, but not a web browser.

https://github.com/Pierozi/Websocket/pull/1/files#diff-5a72b4fa5efc1217f53f085c8580c79eR94

Maybe this is due to my certificate, self-signed, works great with php client because i've set context who allow self-signed and not verify peer.

If anyone have time to test it with real certificate, that could be good.

@Pierozi
Copy link
Member Author

Pierozi commented Oct 11, 2016

@Hywan next step is to make real test with anothers Clients.
Yesterday i've tried with Go Client Gorilla
but the support of TLS is not esay to enable.

The Browser client like Chrome still don't work, but I only make test with self-signed TLS certificate.
If anyone know how to reprocude this context on Javascript client, please leave a comment.

@Hywan
Copy link
Member

Hywan commented Oct 11, 2016

@Pierozi Why not having a self-signed certificate for both the client and the server and test with Hoa\Websocket\Client and Hoa\Websocket\Server? Where is the issue with this strategy?

@Pierozi
Copy link
Member Author

Pierozi commented Oct 11, 2016

Huh ? Both ? It's web standard SSL handshake is one way, server side certificate.
My patch fix TLS issue for let Hoa\WebSocket\Client work with Hoa\WebSocket\Server

now we need make it compatible with others clients, and maybe is not an Hoa issue.
You see if you setup Server with encryption, the client cannot work with the propers settings. because it's responsabilities to client to allow self-signed certificate and not verify host. it's HTTPS rules

@rokha
Copy link

rokha commented Dec 30, 2016

Hi @Pierozi and @Hywan
I used this library into my PHP+Angular application and got an SSL certificate from letsencrypt. Post that I couldn't connect to the server as it would fail authentication. @Pierozi my client was in JS and I tested from Chrome and Mozilla while the server is LAMP with Laravel. Eventually, I switched back to http. I was wondering if you guys had a chance to peek under the hood again.

Since I am new to websockets, I couldn't come up with a solution. Let me know if I can help.

@Pierozi
Copy link
Member Author

Pierozi commented Dec 30, 2016

@rokha thanks for your feedback, issue is clearly related to our implementation of Hoa\Http beside Hoa\WebSocket the SSL Handshake fail.

Let's encrypt is a good candidate for our test, i will try to update my POC today with it and let you know.

btw, you didn't know a WebSocket client supporting TLS ?

@rokha
Copy link

rokha commented Dec 30, 2016

@Pierozi Initially I tested with a chrome extension I found. I tested Hoa\WebSocket for ws only. Later when my application started to work as expected, I switched ws to wss and it didn't. I hope this is what you were looking for.

@Pierozi
Copy link
Member Author

Pierozi commented Jan 6, 2017

Hello @rokha, after couples research it seems no one really care about direct TLS encryption of websocket server because in real use case you will certainly have a Load balancer or Proxy webserver like Nginx who will deal the encryption and forward into your private network the websocket.

@Hywan
Copy link
Member

Hywan commented Jan 8, 2017

ping?
#78 has been merged. Can we close this one?

@Pierozi
Copy link
Member Author

Pierozi commented Jan 9, 2017

Encryption work between our Client and Server, but not with HTTPS Client.

@Hywan
Copy link
Member

Hywan commented Jan 9, 2017

@Pierozi What should we do to get it works?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Development

No branches or pull requests

3 participants