Secure websocket with HTTPS (SSL) [duplicate]

Question

I am using websocket(ws://) in my web application. now I implemented SSL in my webapplication so I implemented secure websocket(wss://). So i followed TooTallNate library docs to implement this scenerio.

1. Netty SSL and websockets

2. SSLClientExample.java

But I am getting this url in browser console.

WebSocket connection to 'wss://localhost:9191/socket' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED.

For Implementing secure websocket, which Algorithm we need to pass in below code ?

SSLContext context = SSLContext.getInstance(Algorithm);

So please help me to resolve this error.

Answer 1

First of all, sorry for my english but maybe I can help you even the question is four years old and maybe someone will have the same problem.

Here we go..

If you use for example "ws://localhost:8025" Java websocket will not establish a secure connection, have a look at the docs.

Websocket will only create a secure connection in combination of SSL. At the end you will use "wss://localhost:8025".

Let`s add SSL:

First of all you will need a session key. You can find in your JavaJDK folder (for example in C:\Program Files\Java\jdk1.8.0_191\bin\keytool.exe) a file which is called "keytool.exe". This little toolwill generate a session key which should be saved on client and server side.

Now use the tool. For example:

keytool -genkey -keyalg RSA -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"

I copied the example above from:

https://github.com/TooTallNate/Java-WebSocket/blob/master/src/main/example/SSLClientExample.java

Now you are able to load your session key from the specific file, which is called "KEYSTORE".

KeyStore ks = KeyStore.getInstance( STORETYPE );
            File kf = new File( KEYSTORE );
            ks.load( new FileInputStream( kf ), STOREPASSWORD.toCharArray());

You need to generate a key manager and a trust manager. The author used a "SunX509" protocol.

KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
            kmf.init( ks, KEYPASSWORD.toCharArray() );
            TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
            tmf.init( ks );

After that it`s time to get the "real" SSL context. You need to load the TLS Protocol. SSL and TLS are alomst the same. When you generated a ssl-socket you can create a new socket which uses ssl/tls.

SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

For example: I used at the beginning

Session session = new Session(new Uri("wss://localhost:8025"));

My Session.class extends from WebSocketClient. Therefore I can use:

session.setSocket(sslSocketFactory.createSocket());
session.connect();

Note: If you want to use "wss" than you have to implement SSL or "ws" without SSL.

So what could be wrong with your code?

-> You did not implement SSL on server side so it will refuse connection

This code works perfectly and I did test it. I only postet for client side but server side will be the same code :)

I hoped I could help you so far.