Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in EnabledSslProtocols Tls13 #318

Open
clobotorre opened this issue Oct 13, 2021 · 4 comments
Open

Error in EnabledSslProtocols Tls13 #318

clobotorre opened this issue Oct 13, 2021 · 4 comments

Comments

@clobotorre
Copy link

Hi.

I have correctly running a running a fleck websocket using Tls12:

server = new Fleck.WebSocketServer("wss://0.0.0.0:" + _wsPort.ToString());
X509Certificate2 certificate = new X509Certificate2(_certFilePath);
if (certificate != null)
            {
                server.Certificate = certificate;
                server.EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12; 
            }
server.Start(...

In my client application, I have this JS websocket connection related piece of code:

let socket = new WebSocket('wss://localhost.local:9999');

With Tls12 the above code is working with no problems. If I change server.EnabledSslProtocols to Tls13, Chrome complaints with "WebSocket connection to 'wss://localhost.local:9999/' failed:"

Is Tls13 supported on Fleck? If so, Is there anything special to be done with the certificate i am using, and which is working on Tls12?

Thanks
@statianzo
Copy link
Owner

Nothing special is needed as far as I know.

If you navigate your browser directly to https://localhost.local:9999 does chrome give you more details on the error?

have you tried any other browsers?

What OS and .net version?

@clobotorre
Copy link
Author

If you navigate your browser directly to https://localhost.local:9999 does chrome give you more details on the error?

ERR_TIMED_OUT

have you tried any other browsers?

Yes, same result.
It is as if the requests are not reaching the websocket when I use TLS 1.3

What OS and .net version?
Windows 10 Pro (21H1)
.NET Framework 4.8

Is there a way to debug what is going on inside Fleck's websocket, just to be sure requests are one way or another reaching the websocket using TLS 1.3 and, f so, what happened with those requests?

@statianzo
Copy link
Owner

Setting FleckLog.level = LogLevel.Debug will output more verbose details about what's happening from Fleck's point of view.

@StevenBonePgh
Copy link

Are you sure that the client is attempting to negotiate TLS 1.3? A network trace may help determine this. If a proxy is involved this is known to be problematic. There is quite a mess with TLS 1.3 as the framework and OS are both involved, and I don't know how to help here, other than to say I have not tried TLS 1.3 yet myself, and unfortunately won't have the bandwidth to do so in the next few days.

As an aside, when setting the server.EnabledSslProtocols you can OR them if you want to accept more than one version of TLS:
server.EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@statianzo @StevenBonePgh @clobotorre