Problem with WSS (Tigase 5.2.0 - 5.2.2)

Thomas Lassauniere
Added over 4 years ago

Hello

I try to enable WebSocket over SSL in Tigase.

Everything works fine with a plain WebSocket connection (ws://), but when I try to enable SSL on port 5291, browsers cannot connect to wss:// on port 5291.

My configuration works with a virtual host named "isah".


Here is my init.properties file:

--cluster-mode = false

config-type = --gen-config-def

--debug = server,ws2s

--user-db = derby

--admins = admin@isah

--user-db-uri = jdbc:mysql://172.20.1.62/dmz_dis_tigase?user=&password=

#user-db-uri = jdbc:derby:c:\Tigase\tigasedb

--virt-hosts = isah

--comp-name-3 = message-archive

--comp-class-3 = tigase.archive.MessageArchiveComponent

--comp-class-2 = tigase.socks5.Socks5ProxyComponent

--comp-name-2 = proxy

--comp-class-1 = tigase.muc.MUCComponent

--comp-name-1 = muc

--sm-plugins = +message-archive-xep-0136,+jabber:iq:auth,+urn:ietf:params:xml:ns:xmpp-sasl,+urn:ietf:params:xml:ns:xmpp-bind,+urn:ietf:params:xml:ns:xmpp-session,+jabber:iq:register,+jabber:iq:roster,+presence,+jabber:iq:privacy,+jabber:iq:version,+http://jabber.org/protocol/stats,+starttls,+msgoffline,+vcard-temp,+http://jabber.org/protocol/commands,+jabber:iq:private,+urn:xmpp:ping,+basic-filter,+domain-filter,+pep,-zlib

--tigase.cache = false

--comp-name-4 = ws2s

--comp-class-4 = tigase.server.websocket.WebSocketClientConnectionManager

ws2s/connections/ports[i]=5290,5291

ws2s/connections/5291/socket=ssl

ws2s/connections/5291/type=accept


Firefox logs:

"websocket supported" ChatManager.js:36

"Server URL: wss://isah:5291/http-bind/" ChatManager.js:37

"isah.Contacts.initConnection" Contacts.js:131

"isah.Contacts.authenticate" Contacts.js:134

L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place. jquery-1.8.2.min.js:2

Firefox ne peut établir de connexion avec le serveur à l'adresse wss://isah:5291/http-bind/. jsjac.uncompressed.js:5198

"websocket error" jsjac.uncompressed.js:1749

"_handleError" ChatManager.js:129


Chrome logs:

websocket supported ChatManager.js:36

Server URL: wss://isah:5291/http-bind/ ChatManager.js:37

isah.Contacts.initConnection Contacts.js:131

isah.Contacts.authenticate Contacts.js:134

WebSocket connection to 'wss://isah:5291/http-bind/' failed: WebSocket opening handshake was canceled jsjac.uncompressed.js:5198

websocket error jsjac.uncompressed.js:1749

_handleError ChatManager.js:129


I sent the Tigase log file as an attachment.


Do you have any ideas about this issue?

Thanks a lot!

Thomas

tigase.log.0 (213 KB) Tigase server log

Replies (7)

Added by Artur Hefczyc TigaseTeam over 4 years ago

Most likely, Chrome has no idea that it should use an SSL socket and attempts to connect over a plain socket.

Andrzej: do you have any suggestions? Have you tested websockets over SSL?

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam over 4 years ago

I suppose this issue is related to the fact that browsers may reject connections to a wss:// endpoint if the SSL certificate is not valid, is not for the proper domain, or is self-signed, as the browser will be unable to validate whether the certificate is valid and secure.

I would suggest trying to use openssl to verify whether the proper SSL certificate is served over the wss:// endpoint and whether the certificate is valid.
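
The check suggested above, sketched with Python's `ssl` module instead of the openssl command line (an added example, not part of the original thread or of Tigase). It performs a strictly verified handshake against the system trust store, which is an assumption and may differ from a browser's store, and reports why it fails; `classify` and `check_wss` are hypothetical helper names, and the host and port in the usage line are the ones from the post.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes reported when certificate verification fails.
VERIFY_CODES = {
    9: "not-yet-valid",
    10: "expired",
    18: "self-signed",           # DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed-in-chain",  # SELF_SIGNED_CERT_IN_CHAIN
    20: "untrusted-issuer",      # UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "untrusted-issuer",      # UNABLE_TO_VERIFY_LEAF_SIGNATURE
    62: "hostname-mismatch",     # HOSTNAME_MISMATCH
}


def classify(exc):
    """Map a connection or handshake exception to a short diagnosis."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        return VERIFY_CODES.get(code, "cert-invalid")
    if isinstance(exc, ssl.SSLError):
        # The handshake broke before any certificate check,
        # e.g. the port answers in plain text instead of TLS.
        return "tls-handshake-failed"
    return "unreachable"  # refused, timed out, name not resolved, ...


def check_wss(host, port, timeout=5.0):
    """Attempt a verified TLS handshake the way a strict client would."""
    ctx = ssl.create_default_context()  # trust store + hostname check enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except OSError as exc:  # SSLError is a subclass of OSError
        return classify(exc)


if __name__ == "__main__":
    # Host and port taken from the configuration posted above.
    print(check_wss("isah", 5291))
```

A result of `self-signed`, `untrusted-issuer` or `hostname-mismatch` points at the certificate, while `tls-handshake-failed` points at the port not being served over SSL at all.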

Added by Thomas Lassauniere over 4 years ago

Thank you for your quick answers.

I'm actually trying to validate my certificate PEM file with openssl.

Regards

Added by Thomas Lassauniere over 4 years ago

I have generated a self-signed certificate with openssl, but I still get an error when connecting with WebSocket.

Can I use a self-signed certificate with Tigase? Do you know if browsers accept self-signed certificates for WebSocket connections?

Thank you in advance

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam over 4 years ago

You can use self-signed certificates with Tigase XMPP Server, but from my observations browsers will reject self-signed certificates for WebSocket connections, as they consider them unsafe. In the case of a self-signed certificate for an HTTPS connection (loading the main page), browsers can ask the user for confirmation that the SSL certificate is trusted, but in the case of WebSocket, as it is used from JavaScript, it would be difficult for browsers to pop up additional questions, and for this reason I suppose they reject self-signed or unverified certificates for WebSocket connections.

Added by Thomas Lassauniere over 4 years ago

Yes, I think you are right about self-signed certificates and WebSocket.

I will try a valid certificate.

Regards

Added by Thomas Lassauniere about 4 years ago

Hello

I validated an SSL connection with a signed and valid certificate.

Thank you guys
