I read that (secure) WebSockets use the same ports as the HTTP(S) protocol. However, my PHP WebSocket server receives crypted handshakes from clients; I'm listening for connections on port 12345.

My system works well through non-secure WebSocket, but I need to add the secure feature and I don't understand why I receive these crypted handshakes. It would be transparent to me thanks to the OSI model...

If I configure Apache to activate the SSL engine and listen on port 12345, I won't be able to use this port again for my PHP WebSocket server because it will then be in the "already used" state... or I have forgotten something...

I'm lost :(

EDIT:

Here is my secure websocket header (using wss://):

```
Request URL:wss://localhost:12345/
```

And here is my simple websocket header (using ws://):

```
Request URL:ws://localhost:12345/
Request Method:GET
Status Code:101 Switching Protocols

Request Headers
Connection:Upgrade
Host:localhost:12345
Origin:http://localhost
Sec-WebSocket-Extensions:x-webkit-deflate-frame
Sec-WebSocket-Key:wovBDvKiKdy/+0Y2BQPr9w==
Sec-WebSocket-Version:13
Upgrade:websocket
(Key3):00:00:00:00:00:00:00:00

Response Headers
Connection:Upgrade
Sec-WebSocket-Accept:1ao7ngQG4LAa3JxFibyvoocbSAM=
Upgrade:websocket
(Challenge Response):00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
```

Why do I get more without a secure connection?

Rodolf
  • possible duplicate of [html5 Websocket with SSL](http://stackoverflow.com/questions/9745249/html5-websocket-with-ssl) – Marc B Jul 12 '12 at 11:12
  • I have already seen this post and no, it is not a duplicate =) – Rodolf Jul 12 '12 at 11:16
  • No, it answers your question. If your socket is opened with `ws://`, it'll be a standard socket. If it's `wss://`, it'll be an SSL socket. – Marc B Jul 12 '12 at 11:20
  • Do you want to run your WebSocket server with SSL or not? If not, this is simply a problem of bad clients which use the wrong protocol. – Robert Jul 12 '12 at 11:21
  • What I was trying to explain is that when I use `http://` then `ws://`, my system works. But if I use `https://` then `wss://`, I receive crypted handshakes on my phpwebsocket server. – Rodolf Jul 12 '12 at 11:23
  • What do you mean by "crypted handshake"? In general, the following combinations work: HTTP+WS, HTTP+WSS, HTTPS+WSS. In other words, HTTPS+WS does *not* work. – oberstet Jul 12 '12 at 11:54
  • When I use `echo` to see the request handshake from the client, I got this with `ws://`: `GET /?encoding=text HTTP/1.1 Upgrade: websocket Connection: Upgrade Host: localhost:12345 Origin: http://www.websocket.org Sec-WebSocket-Key: RVdeuJM6o1VEHnNHVPl/xQ== Sec-WebSocket-Version: 13 Sec-WebSocket-Extensions: x-webkit-deflate-frame` and this with `wss://`: `▬♥☺ ¼☺ ¿♥☺O‗£▲»Ñø2↓┘ı¨-¦é█♠¥9ªÄ¶♥h<▼ó╣a■tÒ H└ └♥■ ç 9 8└☼└♣ ä 5└└ └◄└‼ E D f 3 2└♀└♫└☻└♦ û A ♣ ♦ /└↕ ▬ ‼└ ☻☺ 6 ♫ ♀ localhost ☺ ☺ ♠ ↨ ↑ ↓ ♂ ☻☺ # ♣ ♣☺ ` It seems to me it is crypted x) – Rodolf Jul 12 '12 at 12:18

1 Answer

> I read that (secure) WebSockets use the same ports as the HTTP(S) protocol

By default, yes - but you can override the port in both via the URL, consider:

```
http://www.example.com:443/
https://www.example.com:8080/
http://www.example.com:12345/
```

If something else is already listening on a particular port/address then you can't run a second server there - so if your webserver is already listening on port 443 (https) you won't be able to run a separate websocket server on the same port.

Just leave your HTTPS server at 443 and run the SSL ws server at 12345.


Just saw your last comment.

SSL is not just about which port you listen on - the traffic is encrypted. If you want to handle wss traffic then you need an SSL-capable server. There are various ways of implementing this; it depends on how you implemented the current server.

symcbean
  • I need both https:// and wss:// features. Do I need to configure port 12345 like port 443 in the httpd.conf file (Apache2) with a second certificate, or can the one I bought be used twice? Thanks for the explanation, by the way =) – Rodolf Jul 13 '12 at 09:47
  • You can use the same certificate. If it were me I wouldn't try to use Apache to handle ws/wss traffic at all - there are better solutions. Which is the best depends on what you've already got in place, but you could do worse than have a look at https://github.com/kumina/wsproxy – symcbean Jul 14 '12 at 23:29
  • I was wondering if there was a PHP websocket server which could decrypt SSL (using OpenSSL for example). Using stunnel might be a good solution because, if I understood how it works, I won't have to change my websocket server. – Rodolf Jul 17 '12 at 07:15
  • OK, I'll give you some news... I used [stunnel](http://www.stunnel.org/) to provide the decryption I needed to use my secure websocket. It works fine in Chrome but I get some trouble with Firefox, which does not send the right headers. Again, Firefox + Http + Ws works, but when I use Firefox + Https + Wss the following headers are missing: `Sec-WebSocket-Version` and `Sec-WebSocket-Key`. Any idea? I'm so close!! ^^ – Rodolf Jul 18 '12 at 12:58
  • I just accepted the auto-signed certificate on port 12345 in addition to the one on port 443 and now it works like I wished. =) – Rodolf Jul 19 '12 at 06:05
  • @Rodolf can you please explain "I just accepted the auto-signed certificate". I need to do the same thing here. Thanks! – Imdad Aug 11 '20 at 12:36
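
As an added illustration (not code from this thread or from any project mentioned in it): the leading `▬♥☺` in the `wss://` dump quoted in the comments is how a CP437 console prints the bytes `16 03 01`, the start of a TLS handshake record, so a plaintext listener can tell the two cases apart from the first bytes it reads. The Python below performs that check and, for a plaintext `ws://` request, derives `Sec-WebSocket-Accept` as RFC 6455 defines it; the function names and both sample inputs are constructed for this example.

```python
import base64
import hashlib
import struct

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455


def parse_upgrade(data: bytes) -> dict:
    """Read a plaintext WebSocket upgrade request and derive the accept value."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    key = headers.get("sec-websocket-key")
    if key is None or headers.get("upgrade", "").lower() != "websocket":
        return {"websocket": False}
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return {"websocket": True, "accept": base64.b64encode(digest).decode("ascii")}


def classify_first_bytes(data: bytes) -> dict:
    """Tell a TLS ClientHello (wss://) apart from a plaintext upgrade (ws://)."""
    # TLS record header: content type (1), version (2), length (2).
    # Content type 0x16 is "handshake"; the next byte is the handshake type.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        _, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
        return {"kind": "tls", "record_version": (major, minor),
                "record_length": rec_len, "client_hello": data[5] == 0x01}
    if data.startswith(b"GET "):
        return {"kind": "http", **parse_upgrade(data)}
    return {"kind": "unknown"}


# Constructed sample: start of a TLS 1.0 ClientHello record, padded with zeros.
TLS_SAMPLE = bytes.fromhex("16030100ac010000a80301") + b"\x00" * 32
# Constructed sample: plaintext upgrade using the example key from RFC 6455.
WS_SAMPLE = (b"GET / HTTP/1.1\r\nHost: localhost:12345\r\nUpgrade: websocket\r\n"
             b"Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
             b"Sec-WebSocket-Version: 13\r\n\r\n")

if __name__ == "__main__":
    print(classify_first_bytes(TLS_SAMPLE))
    print(classify_first_bytes(WS_SAMPLE))
```

A result of `kind: tls` on the plaintext port means the client connected with `wss://` and the bytes must first pass through a TLS terminator (stunnel in this thread) before the WebSocket server parses them.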