Unable to connect to websocket server using wss:// #10744
Comments
|
The same issue occurs in Mironaut version 4.3.6 so it looks like it is not purely related to 4.4.0 version Are we doing something wrong or do we miss some configuration for WSS? |
@iNviNho I don't think (yet) that you're doing anything wrong. I have been investigating and was able to reproduce it in multiple Micronaut 4.x versions as well. It seems to be specific to the SSL implementation. I will update as I learn more. |
|
@iNviNho I have tracked it down to an issue with our ALPN implementation. We do not currently support WebSockets over an HTTP 2 connection (as far as I know, Netty does not yet have an official implementation of RFC8441), but we are advertising support for HTTP 2 in the TLS handshake when making the initial connection to the endpoint. I believe that is what is causing the server to drop the connection. You can work around it for now by setting I will need to implement a fix to force the WebSocket client to only advertise HTTP 1.1 in the TLS handshake. |
|
Thank you @jeremyg484 . Setting micronaut:
http:
client:
alpn-modes: http/1.1didn't work but setting alpnMode on the @client already makes a difference @Client(value = "talos-ws", alpnModes = "http/1.1")after that we got the error invalid WebSocket Extension handshake for "permessage-deflate; server_no_context_takeover; client_no_context_takeover"which we fixed by enabling compression compression:
enabled: falseand now everything works as expected 🍾 Thank you so far for your assistance! |
|
Note that |
Connection manager is updated to use a separate SSLContext for WebSocket connections that will only advertise http/1.1 in the list of supported protocols in the ALPN section of the TLS handshake. WebSocket is not currently supported over HTTP 2 connections, thus if an HTTP 2 connection is established through ALPN, the subsequent upgrade to the WebSocket protocol would fail. This resolves #10744
* Force secure WebSocket connections to use http/1.1 Connection manager is updated to use a separate SSLContext for WebSocket connections that will only advertise http/1.1 in the list of supported protocols in the ALPN section of the TLS handshake. WebSocket is not currently supported over HTTP 2 connections, thus if an HTTP 2 connection is established through ALPN, the subsequent upgrade to the WebSocket protocol would fail. This resolves #10744 * Enable ALPN with Websocket and ensure SSLContext released. * Lazily create websocket SSL context per connection * Use lazily intialized field for WebSocket SSL context. * Actually initialize in the initializer.
Expected Behavior
When installing fresh Micronaut 4.4.0 application
and creating these 2 classes
and
I expect application to connect to websocket server.
Actual Behaviour
The application fails with error
it works correctly if I connect to non wss:// (e.g. ws://localhost:8080)
These are the debug logs from the netty
Steps To Reproduce
Install fresh micronaut 4.4.0 application
with these dependencies
dependencies {
annotationProcessor("io.micronaut:micronaut-http-validation")
annotationProcessor("io.micronaut.serde:micronaut-serde-processor")
implementation("io.micronaut:micronaut-websocket")
implementation("io.micronaut.reactor:micronaut-reactor-http-client")
implementation("io.micronaut.serde:micronaut-serde-jackson")
compileOnly("io.micronaut:micronaut-http-client")
runtimeOnly("ch.qos.logback:logback-classic")
testImplementation("io.micronaut:micronaut-http-client")
}
The text was updated successfully, but these errors were encountered: