-
Notifications
You must be signed in to change notification settings - Fork 85
Enabling WebSocket Secure (TLS)
vtortola edited this page May 5, 2014
·
9 revisions
The WSS support is provided through a custom per connection extension named WebSocketSecureConnectionExtension
.
It requires a certificate object, that will be used to secure the connection:
server.ConnectionExtensions.RegisterExtension(new WebSocketSecureConnectionExtension(certificate));
When using TLS, the clients will need to use the wss://
schema to connect.
How to obtain that certificate object is up to the caller, but this would be a little example:
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates[1];
store.Close();
When using TLS, is recommended to increment the number of available parallel negotiations through the WebSocketListener options since TLS negotiation takes a little bit longer:
var options = new WebSocketListenerOptions()
{
NegotiationQueueCapacity = 128,
ParallelNegotiations = 16
}
WebSocketListener server = new WebSocketListener(endpoint, options);
server.Standards.RegisterStandard(new vtortola.WebSockets.Rfc6455.WebSocketFactoryRfc6455(server));
server.ConnectionExtensions.RegisterExtension(new WebSocketSecureConnectionExtension(certificate));
Tune the option values to find the config that works out better for you.
- Remember to change the port number to a one different to the one you used for not secure connections. Some browsers get confused if suddenly a port becomes secure or viceversa.
- Remember to use the hostname indicated in the certificate to connect and not the IP.
- If you are using a self-signed certificate, use it for HTTPS so you can see the dialog for accepting that certificate. When accessing via
WSS://
there is not certificate acceptance dialog, it will just fail to connect.