HTTPS error "data length too long" in s3_pkt.c from Socket.io

Question

We’re trying to get Socket.io flashsockets to work in Internet Explorer 9 over HTTPS/WSS. The flashsockets work over HTTP, but HTTPS is giving us problems. We’re using socket.io version 0.8.7 and socket.io-client version 0.9.1-1.

We’re running our websocket server via SSL on port 443. We’ve specified the location of our WebsocketMainInsecure.swf file (these are cross-domain ws requests) in the correct location, and we’re loading the file in the swfobject embed over HTTPS.

We opened up port 843 in our security group for our EC2 instance and the cross origin policy file is successfully being rendered over HTTP. It does not seem to render over HTTPS (Chrome throws an SSL connection error).

We’ve tried two versions of the WebsocketMainInsecure.swf file. The first is the file provided by Socket.io, which is built off of WebsocketMainInsecure.as that does not include the line

Security.allowInsecureDomain("*");

This throws the error SCRIPT16389: Unspecified error. at the WebSocket.__flash.setCallerUrl(location.href) line.

We figured it was because the SWF file was not permitting HTTPS requests, so we replaced the WebSocketMainInsecure.swf file with the one found at this repo: https://github.com/gimite/web-socket-js because it includes the

Security.allowInsecureDomain("*");

line in the actionscript code. When we used this, we saw that the flashsocket connection kept disconnecting and reconnecting in an infinite loop. We tracked the error down to the transport.js file in the socket.io library in the onSocketError function on the Transport prototype. It throws the error:

[Error: 139662382290912:error:1408F092:SSL routines:SSL3_GET_RECORD:data length too long:s3_pkt.c:503:]

We even tried updating both socket.io and socket.io-client to version 0.9.6 and we still got the Access is denied error.

This error has been very difficult to debug, and now we’re at a loss as to how to get flashsockets to work. We’re wondering if it might have to do with using an older version of socket.io, or maybe that our policy file server doesn’t accept HTTPS requests, or maybe even the way in which the WebSocketMainInsecure.swf file from the web-socket-js github repo was built relative to what socket.io-client expects.

Answer 1

I'm unsure weather it works. But here's my idea/suggestion:

1. Idea: I assume that you (possibly) tried to access a URL which is too long. This happens if data often is tansmitted via GET-Parameters. The official limit for a URL is below 512 Bytes.

Details: The HTTP specification says that a protocol line may be at most 512 Bytes. If longer the server may reject the request or may be unable to handle the request. The first line in HTTP with a GET-requet is like "GET /path/to?param1=data1&param2=data2&... HTTP/1.1" which would need to fit in 512 bytes. For POST requests theres no such limitation..

However your error seems to origin from some SSL implementation (openSSL?): refering to s3_pkt.c at line 503 (I found a file like this here: http://www.opensource.apple.com/source/OpenSSL/OpenSSL-7.1/openssl/ssl/s3_pkt.c) but seems to be different; I don't know the details, and am just speculating: I could think of that the openSSL implementation has some limited support for long GET-Requests (as they are not HTTP conform) and just rejects them this way...

I see these possibities now: 1. Solution: Use POST instead of GET-Requests to transmit longer datasets. See if this works... 2. Try to replace you openssl-installation or libopenssl at the server used; it's possibly broken or outdated? 3. Try to request some help from the openssl developers...

Hope that helps...

Answer 2

Try building OpenSSL with SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER (credit to Steven Henson and Jaaron Anderson from OpenSSL mailing list).