Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

TLS/SSL support #29

Closed
pors opened this Issue · 6 comments

5 participants

@pors

In the open issues in the readme you state: "Haven't tested TLS for the Server. (Perhaps this is handled automatically by attaching the WebSocket server to a https.createServer instead of http.createServer?) My server implements TLS via stunnel->haproxy->node."

I can confirm it works out of the box.

In the server example script I created a https server and at the client side I call "wss://".

Cheers,
Mark

@theturtle32
Owner

Fantastic! I'll update the README. Thanks!

@karanm0830

in the echo-server.js (under test/), i did what pors mentioned in the above post, creating https server on the server side and replacing w/ wss on the client, but it still didn't work for me. could you please help out?

@theturtle32
Owner
@jamesjenner

Note that your client must have the certificate accepted. If you have the https setup you can browse to that manually and then you will get the 'accept cert' message, after which you will be able to connect.

I'm not sure on the behaviour on firefox, but with chrome you will get absolutely nothing if you try and connect via websockets to a server via ssl and you don't have the certificate imported into chrome. Even debugging javascript will not help, there are no errors, no nothing. From memory chrome acts as though no connection exists. If you wish to see a working example have a look at my videre-server.js project and my videre project. It optionally uses ssl and works fine.

@ergousha

Yes, I confirm James. I have a https setup and wss server. When I try connect to wss server from https web page, I can not connect from Firefox. I must manually request wss connection first, then firefox warn for certificate, When I accept certificate, later it works normally. However Firefox does not warn or load wss certificate automatically.
I also test with Chrome and it works normally. (It automatically load wss certificate without manually pointing it)
Safari behaves same as Firefox.
If we think about browser's security chain, it should be fine asking user about certificate acceptance if there is another ssl request from https web page loaded. But it does not even ask. That seems problem.
Although system works normally after manually force requesting wss certificate, this is not useful for common users. Do someone has an idea how to solve it?

@jamesjenner

I'm not aware of a way. I did a bit of searching on this a while back and it seems it's intentional (well for google). It seems that they intentionally do not prompt the user if javascript uses websockets to connect to a wss that is an upgrade of a https that the browser has not browsed to. I can see the logic in this. It's annoying but I do understand why they do this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.