WebSocket opening handshake timed out #836

Closed
iiiyx opened this issue Jan 7, 2019 · 2 comments

iiiyx commented Jan 7, 2019

Describe the bug

  • Using this library as a WSS Android server.
  • Using a correct BKS keystore. It is self-signed, but it works well with another library. This also means that the client is well configured to accept self-signed certificates.
  • Using all workarounds from the wiki.
    But I still can't connect to the server: WebSocket opening handshake timed out

Example application to reproduce the issue

import android.util.Log;

import org.java_websocket.WebSocket;
import org.java_websocket.drafts.Draft;
import org.java_websocket.exceptions.InvalidDataException;
import org.java_websocket.framing.CloseFrame;
import org.java_websocket.handshake.ClientHandshake;
import org.java_websocket.handshake.ServerHandshakeBuilder;
import org.java_websocket.server.CustomSSLWebSocketServerFactory;
import org.java_websocket.server.WebSocketServer;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

public class WsServer extends WebSocketServer {
  private static final String KEYSTORE_SERVER_FILE = "/res/raw/ks.bks";
  private static final String KEYSTORE_PWD = "ks";
  private static final String KEYSTORE_KEY_PWD = "ks";
  private static final String KEYSTORE_TYPE = "BKS";
  private static final String TAG = WsServer.class.getSimpleName();

  public WsServer(int port) {
    super(new InetSocketAddress(port));
    CustomSSLWebSocketServerFactory sslWsFactory = getSslWsFactory();
    if (sslWsFactory != null) {
      this.setWebSocketFactory(sslWsFactory);
      Log.d(TAG, "SSL context is set");
    }
  }

  private CustomSSLWebSocketServerFactory getSslWsFactory() {
    SSLContext sslContext;
    try {
      KeyStore ks;
      ks = KeyStore.getInstance( KEYSTORE_TYPE );
      ks.load( getClass().getResourceAsStream(KEYSTORE_SERVER_FILE), KEYSTORE_PWD.toCharArray() );

      KeyManagerFactory kmf = KeyManagerFactory.getInstance( "X509" );
      kmf.init( ks, KEYSTORE_KEY_PWD.toCharArray() );
      TrustManagerFactory tmf = TrustManagerFactory.getInstance( "X509" );
      tmf.init( ks );

      sslContext = SSLContext.getInstance( "TLS" );
      sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );
    }
    catch (KeyStoreException | IOException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyManagementException e) {
      Log.e(TAG, "Can't make SSL context", e);
      return null;
    }
    // Remove one cipher suite and the SSLv3 protocol from the engine's enabled sets
    SSLEngine engine = sslContext.createSSLEngine();
    List<String> ciphers = new ArrayList<>(Arrays.asList(engine.getEnabledCipherSuites()));
    ciphers.remove("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    List<String> protocols = new ArrayList<>(Arrays.asList(engine.getEnabledProtocols()));
    protocols.remove("SSLv3");

    return new CustomSSLWebSocketServerFactory(sslContext, protocols.toArray(new String[]{}), ciphers.toArray(new String[]{}));
  }

  @Override
  public void onOpen(WebSocket webSocket, ClientHandshake clientHandshake) {
    Log.i(TAG, "open");
    switch (webSocket.getResourceDescriptor()) {
      case NetworkConstants.CHANNEL_LIVE:
        Log.i(TAG, NetworkConstants.CHANNEL_LIVE);
        break;
    }
  }

  @Override
  public void onClose(WebSocket webSocket, int i, String s, boolean b) {
    Log.i(TAG, "closed");
  }

  @Override
  public void onMessage(WebSocket webSocket, String msg) {

  }

  @Override
  public void onMessage(WebSocket webSocket, ByteBuffer data) {

  }

  @Override
  public void onError(WebSocket webSocket, Exception e) {
    Log.e(TAG, "error", e);
  }

  @Override
  public void onStart() {
    Log.i(TAG, "started " + this.getAddress());
  }

  @Override
  public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(WebSocket conn, Draft draft, ClientHandshake request) throws InvalidDataException {
    ServerHandshakeBuilder builder = super.onWebsocketHandshakeReceivedAsServer( conn, draft, request );
    // Only the known channel resource descriptors are accepted; any other path is rejected with a policy violation
    String rd = request.getResourceDescriptor();
    if (!rd.equals(NetworkConstants.CHANNEL_LIVE) && !rd.equals(NetworkConstants.CHANNEL_VIDEO) && !rd.equals(NetworkConstants.CHANNEL_FILE)) {
      throw new InvalidDataException(CloseFrame.POLICY_VALIDATION);
    }
    return builder;
  }
}

Log output:

...
D/WsServer: SSL context is set
I/WsServer: started /0.0.0.0:8118
I/Timeline: Timeline: Activity_idle id: android.os.BinderProxy@37eaf4f4 time:15758523
...

Environment (please complete the following information):

  • Version used: 1.3.9
  • Android 5.0.2

Additional info:

  • Both wss and https connections time out.
  • Works well without SSL.

marci4 (Collaborator) commented Jan 9, 2019

Android 5.0 is buggy with their ssl implementation, see #717, #293, #424

marci4 (Collaborator) commented Feb 19, 2019

Duplicates #424

marci4 closed this as completed Feb 19, 2019