Enabling WebSocket Secure (TLS)
The WSS support is provided through a custom per connection extension named WebSocketSecureConnectionExtension.
It requires a certificate object, that will be used to secure the connection:
server.ConnectionExtensions.RegisterExtension(new WebSocketSecureConnectionExtension(certificate)); When using TLS, the clients will need to use the wss:// schema to connect.
How to obtain that certificate object is up to the caller, but this would be a little example:
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates[1];
store.Close();If you find yourself in trouble trying to use your SSL certificate, please give a try to these approaches.
When using TLS, is recommended to increment the number of available parallel negotiations through the WebSocketListener options since TLS negotiation takes a little bit longer:
var options = new WebSocketListenerOptions()
{
NegotiationQueueCapacity = 128,
ParallelNegotiations = 16
}
WebSocketListener server = new WebSocketListener(endpoint, options);
server.Standards.RegisterStandard(new vtortola.WebSockets.Rfc6455.WebSocketFactoryRfc6455(server));
server.ConnectionExtensions.RegisterExtension(new WebSocketSecureConnectionExtension(certificate));Tune the option values to find the config that works out better for you.
WebSocketSecureConnectionExtension also provides a constructor overload that allows to pass a RemoteCertificateValidationCallback to validate client's certificates.
- Remember to change the port number to a one different to the one you used for not secure connections. Some browsers get confused if suddenly a port becomes secure or viceversa.
- Remember to use the hostname indicated in the certificate to connect and not the IP.
- If you are using a self-signed certificate, use it for HTTPS so you can see the dialog for accepting that certificate. When accessing via
WSS://there is not certificate acceptance dialog, it will just fail to connect.