Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New SSLSocketChannel #717

Open
marci4 opened this issue Jun 3, 2018 · 8 comments
Open

New SSLSocketChannel #717

marci4 opened this issue Jun 3, 2018 · 8 comments
Labels
Refactor up-for-grabs wss

Comments

@marci4
Copy link
Collaborator

marci4 commented Jun 3, 2018
edited

Expected Behavior

There are some known issues with the current implementation SSLSocketChannel2. See #424 & #665. A clean implementation (maybe using SSLSocketChannel) should solve these issues.

Current Behavior

#424 and #665

Possible Solution

New SSLSocketChannel or different ByteChannel implementation
@marci4 marci4 mentioned this issue Jun 8, 2018
Open
@marci4
Copy link
Collaborator Author

marci4 commented Jun 8, 2018

Testing the usage of https://github.com/marianobarrios/tls-channel

@theAprel
Copy link
Contributor

Hi, any progress updates on this? Is a branch or test binary available that incorporates marianobarrios's ByteChannel implementation?

@marci4
Copy link
Collaborator Author

marci4 commented Aug 14, 2018

Hello @theAprel,

not really. I am currently to busy do invest a lot of time in this project due to my work load.

It looked like it would require some bigger changes...

You wanna take a look at this?

Best regards,
marci4

@theAprel
Copy link
Contributor

I gave it a shot this morning. The largest obstacle is marianobarrios/tls-channel requires Java 8, and this project supports back to Java 6, which likely rules it out as a solution. That aside, I tried it anyway to see if it would fix the WSS problems.

I didn't get very far, but I'll type out my progress in case anyone finds it useful. I replaced the return statements of wrapChannel in DefaultSSLWebSocketServerFactory.java and CustomSSLWebSocketServerFactory.java with return ServerTlsChannel.newBuilder(channel, sslcontext).build();, but when I tried to connect to the WSS server, my client gives a ssl3_write_bytes:ssl handshake failure error. The java_websocket wss server prints this line Removing connection which is not in the connections collection! Possible no handshake recieved! So I couldn't get past the handshake. I am a bit confused why WebSocketServer doesn't add the connection to its internal collection until after the handshake process (which is what the server error message suggests), so I'm probably missing something.

I tried to force the handshake to see if that would help. The tls-channel project has a handshake() method for this, so I tried that. I also tried writing an empty ByteBuffer to the channel before returning it from wrapChannel, since I noticed SSLSocketChannel2 does this in its constructor to jumpstart the handshake. Didn't help; same error messages on both sides.

I'm going to use a reverse proxy to handle the TLS layer and use ws with java_websockets until the issues with wss are resolved.

@marci4
Copy link
Collaborator Author

marci4 commented Aug 14, 2018

Hello @theAprel,
thanks for your feedback.

Well I personally have no problem dropping the 1.6 support...
Java 10 is the active version and I do not see any problems going up to 1.8.
I don't know if there would be problems with Android but on the other hand, Google copying everything from Java has the side affect that everything is currently working...

Thank you for your progress report. It may help me, if I will ever have more free time available.

Do you mind telling me why you have a problem with wss in your project? Currently running both server and client in production using wss.

Best regards,
marci4

@theAprel
Copy link
Contributor

I'll add one more thing: when I use ws to test the server, it immediately returns EOF. onOpen or any of the other WebSocketServer callbacks are not executed. I'm not sure why changing the ByteChannel implementation causes this behavior.

As for my current issue with wss, my wss server arbitrarily fails to accept wss connections from Firefox. One connection can work fine; the next one times out. My team has been unable to replicate in Chrome, but we're seeing it in Firefox. It doesn't help our diagnostic process that Firefox prints so little information to the console on failed connections. They just timeout trying to connect to the wss server. Cert is signed by Let's Encrypt, and the cert looks fine in the developer tools for connections that do manage to connect in FF. If I disable wss, I don't have problems with FF connections. Looking over the issue tracker, I see that SSL issues with FF has come up before. Our wss server also opens and closes WSS connections rapidly, which led me to #665 . I'm tempted to try applying the patch in that issue to see if it helps.

@marci4
Copy link
Collaborator Author

marci4 commented Aug 14, 2018

Hello @theAprel,

thanks again for your feedback!

Going to focus a bit more effort into wss then!

Best regards,
marci4

@marci4 marci4 mentioned this issue Oct 29, 2018
Closed
@marci4 marci4 mentioned this issue Jan 9, 2019
Closed
@marci4 marci4 mentioned this issue Oct 25, 2020
Open
@tigrehuang
Copy link

It could be an issue from JRE version. Please try to upgrade or downgrade JRE. This is how I did after I found this issue in my project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Refactor up-for-grabs wss
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@theAprel @marci4 @tigrehuang