
FP11 SecureSocket support & socket connection timeout param #122

Open

@TilmanGriesel

We encountered some SSL/TLS connection problems with f5 load balancers and SSL offloading. We fixed this with an implementation of the new SecureSocket provided by Adobe. Another problem was the long connection timeout (20s). We thought we would give this back to the community; thanks for the great library.

TilmanGriesel added some commits
@TilmanGriesel TilmanGriesel added SecureSocket support
- added an option to use the new SecureSocket class to build on SSL/TLS web socket connections
ca9ed3d
@TilmanGriesel TilmanGriesel added connection timeout param ab06d97
@gimite
Owner

I heard that using SecureSocket causes other issues. See #68. Can you explain the details of the issue you encountered?

Because native WebSocket in Web browsers doesn't support timeout specification, I won't add it to web-socket-js. You can still implement timeout in your application by checking if "open" event fires in X seconds.
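
The application-level timeout suggested in the comment above, checking whether the "open" event fires within X seconds, as an added example (not part of this pull request or of web-socket-js). `openWithTimeout` and its parameters are hypothetical names; the constructor is injectable so the logic can be exercised without a network.

```javascript
// Added example: connect timeout built on the standard WebSocket events.
// openWithTimeout(url, timeoutMs, WebSocketImpl) is a hypothetical helper name.
function openWithTimeout(url, timeoutMs, WebSocketImpl) {
  // Falls back to the global constructor (native WebSocket or the Flash shim).
  const Impl = WebSocketImpl || globalThis.WebSocket;
  return new Promise((resolve, reject) => {
    const ws = new Impl(url);
    let settled = false;
    let timer = null;

    // Settle the promise exactly once, whichever event wins the race.
    const finish = (fn, value) => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      fn(value);
    };

    timer = setTimeout(() => {
      // Close the socket so a handshake that completes late cannot leave
      // a live connection that no code owns.
      ws.close();
      finish(reject, new Error("WebSocket open timed out after " + timeoutMs + " ms"));
    }, timeoutMs);

    ws.onopen = () => finish(resolve, ws);
    ws.onerror = () => finish(reject, new Error("WebSocket error before open"));
    ws.onclose = () => finish(reject, new Error("WebSocket closed before open"));
  });
}
```

The caller replaces `onerror` and `onclose` with its own handlers once the promise resolves.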

@TilmanGriesel

Thanks for the information and response. We found that the server never responded to our request header. I don't know exactly why this happens. After a lot of investigation I wrote my own WebSocket implementation prototype. I never got valid connections with the hurlant lib. After a try with the native SecureSocket class the connection was established immediately. I think it is a good way to provide multiple methods to connect to the server.

@gimite
Owner

I see, thanks for the explanation. What WebSocket server do you use? Or did you write your own?

Until the exact cause is clear or other people report the same issue, I want to keep it pending for now, because it's not clear whether it's a general issue or specific to your environment at this moment.

@TilmanGriesel

The WebSocket Server was Slanger [https://github.com/stevegraham/slanger] with an f5 big-ip load balancer [http://www.f5.com/products/big-ip]. The SSL connection was provided by the f5 (ssl offloading)[http://www.f5.com/glossary/ssl-offloading.html].
With other wss servers I never experienced this problem. Only on our production environment with the f5 this problem exists.

btw: Your web-socket-ruby implementation connects to the f5 wss without any problems.
(this is the reason why I think something is broken in the hurlant lib)

Commits on Aug 28, 2012
  1. @TilmanGriesel

    added SecureSocket support

    TilmanGriesel authored
    - added an option to use the new SecureSocket class to build on SSL/TLS web socket connections
Commits on Aug 30, 2012
  1. @TilmanGriesel
Showing with 40 additions and 14 deletions.
  1. +40 −14 flash-src/src/net/gimite/websocket/WebSocket.as
54 flash-src/src/net/gimite/websocket/WebSocket.as
@@ -60,6 +60,8 @@ public class WebSocket extends EventDispatcher {
private var rawSocket:Socket;
private var tlsSocket:TLSSocket;
private var tlsConfig:TLSConfig;
+ private var secureSocket:SecureSocket;
+
private var socket:Socket;
private var acceptedProtocol:String;
@@ -72,11 +74,16 @@ public class WebSocket extends EventDispatcher {
private var logger:IWebSocketLogger;
private var base64Encoder:Base64Encoder = new Base64Encoder();
+ private var useFlashSecureSocket:Boolean;
+ private var connectionTimeout:int;
+
public function WebSocket(
- id:int, url:String, protocols:Array, origin:String,
- proxyHost:String, proxyPort:int,
- cookie:String, headers:String,
- logger:IWebSocketLogger) {
+ id:int, url:String, protocols:Array, origin:String,
+ proxyHost:String, proxyPort:int,
+ cookie:String, headers:String,
+ logger:IWebSocketLogger,
+ useFlashSecureSocket:Boolean = false,
+ connectionTimeout:int = 1000) {
this.logger = logger;
this.id = id;
this.url = url;
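Review bot: the default `connectionTimeout:int = 1000` in the new constructor signature changes behaviour for every existing caller. `Socket.timeout` is in milliseconds, so a caller that passes nothing goes from the 20 s connect timeout mentioned in the description to 1 s. Suggest a default that keeps the current behaviour (for example 20000), or leaving the socket's timeout untouched when no value is passed, and a comment above the constructor documenting the unit and both new parameters.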
@@ -90,6 +97,8 @@ public class WebSocket extends EventDispatcher {
this.origin = origin;
this.requestedProtocols = protocols;
this.cookie = cookie;
+ this.useFlashSecureSocket = useFlashSecureSocket;
+ this.connectionTimeout = connectionTimeout;
// if present and not the empty string, headers MUST end with \r\n
// headers should be zero or more complete lines, for example
// "Header1: xxx\r\nHeader2: yyyy\r\n"
@@ -106,19 +115,33 @@ public class WebSocket extends EventDispatcher {
} else {
rawSocket = new Socket();
if (scheme == "wss") {
- tlsConfig= new TLSConfig(TLSEngine.CLIENT,
- null, null, null, null, null,
- TLSSecurityParameters.PROTOCOL_VERSION);
- tlsConfig.trustAllCertificates = true;
- tlsConfig.ignoreCommonNameMismatch = true;
- tlsSocket = new TLSSocket();
- tlsSocket.addEventListener(ProgressEvent.SOCKET_DATA, onSocketData);
- socket = tlsSocket;
+ if(!useFlashSecureSocket) {
+ logger.log('using tlsSocket');
+ tlsConfig= new TLSConfig(TLSEngine.CLIENT,
+ null, null, null, null, null,
+ TLSSecurityParameters.PROTOCOL_VERSION);
+ tlsConfig.trustAllCertificates = true;
+ tlsConfig.ignoreCommonNameMismatch = true;
+ tlsSocket = new TLSSocket();
+ tlsSocket.addEventListener(ProgressEvent.SOCKET_DATA, onSocketData);
+ socket = tlsSocket;
+ }
+ else
+ {
+ logger.log('using internal SecureSocket');
+ secureSocket = new SecureSocket();
+ secureSocket.addEventListener(ProgressEvent.SOCKET_DATA, onSocketData);
+ rawSocket = socket = secureSocket;
+ }
} else {
rawSocket.addEventListener(ProgressEvent.SOCKET_DATA, onSocketData);
socket = rawSocket;
}
}
+
+ // apply timeout to socket connections
+ rawSocket.timeout = socket.timeout = connectionTimeout;
+
rawSocket.addEventListener(Event.CLOSE, onSocketClose);
rawSocket.addEventListener(Event.CONNECT, onSocketConnect);
rawSocket.addEventListener(IOErrorEvent.IO_ERROR, onSocketIoError);
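Review bot: the `else` branch calls `new SecureSocket()` without checking `SecureSocket.isSupported`, so where secure sockets are not supported the `wss` connection errors out instead of falling back to the `TLSSocket` path; suggest guarding it with `if (useFlashSecureSocket && SecureSocket.isSupported)`. The two paths also differ in certificate handling: the `TLSSocket` branch keeps `trustAllCertificates = true` and `ignoreCommonNameMismatch = true`, while `SecureSocket` validates the server certificate, so a server that connects on one path can be rejected on the other. That difference deserves a comment here and a line in the option's documentation. Minor: `rawSocket = socket = secureSocket;` discards the `new Socket()` allocated at the top of this branch.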
@@ -220,8 +243,11 @@ public class WebSocket extends EventDispatcher {
logger.log("connected");
if (scheme == "wss") {
- logger.log("starting SSL/TLS");
- tlsSocket.startTLS(rawSocket, host, tlsConfig);
+ if(!useFlashSecureSocket)
+ {
+ logger.log("starting SSL/TLS");
+ tlsSocket.startTLS(rawSocket, host, tlsConfig);
+ }
}
var defaultPort:int = scheme == "wss" ? 443 : 80;
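Review bot: style point on the nested `if(!useFlashSecureSocket)` block in this hunk: the surrounding context lines use a space after `if` and the opening brace on the same line, and the nesting can be folded into `if (scheme == "wss" && !useFlashSecureSocket) {`. The SecureSocket path logs nothing at this point, so a `logger.log` line stating that the TLS handshake is handled by SecureSocket would keep the connect logs comparable between the two modes.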