[Play 2.2.2 Java] Do Secure Websockets Work?

[Jarett Creason]

When I use a non-secure websocket (ws://), everything works fine.  When switching to an environment using SSL for everything (https://), I'm trying to use secure websockets (wss://), but I get this error in the javascript console: WebSocket connection to 'wss://....'  Error during WebSocket handshake: Unexpected response code: 400

So, simple question, does Play work with secure websockets?

[Jarett Creason]

Very possible this has absolutely nothing to do with Play, and I am testing this using as self-signed certificate.

Please answer with a simple "yes" if you've successfully used Play websockets over a secure connection...  anyone?

[Donovan Muller]

yes :)

browser <-> HAProxy (handling SSL) <-> nginx <-> Play (2.1.5)

On 28 April 2014 22:16, Jarett Creason <jcre...@gmail.com> wrote:

Very possible this has absolutely nothing to do with Play, and I am testing this using as self-signed certificate.

Please answer with a simple "yes" if you've successfully used Play websockets over a secure connection...  anyone?

--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[TonyB]

Wish I could answer yes.  I've been struggling with WSS for 2 days now.  

Using WS in dev mode directly to play on port 9000 works great.  I have it working from the browser and even from a java lib from android, on my local lan.

But when I try against my production SSL server I am having strange problems.  I am not using the built in SSL in Play, instead I am using Play only in clear text on port 9000 and use Nginx 1.6.0 as a reverse proxy in front of Play, Nginx is running on both port 80 and 443.

I've added the needed nginx configs to proxy the websocket but I still get strange results.  For instance, when I connect to WSS on port 443 using a self-signed cert (already trusted by the browser and OS) Things seem to connect and run fine, but I can't disconnect.  Called either websocket.close() in the browser does nothing.  The connection stays active, weird.  And calling websocket.close() from the Play server seems to leave the connection open on the browser side as well.  I think maybe its only closing half of the websocket on the other side of the proxy?  Not sure exactly.

I think using WSS with SSLContext from Android is another issue entirely.  I get a timeout when attempting to connect. 

Error creating socket: java.util.concurrent.TimeoutException: No response received after 60000

I think this is due to the self-signed cert and maybe this websocket lib not working correctly with custom SSLContext.  I'm using, async-http-client.  There are others out there I still need to try.  Does anyone know of a websocket client I can use from Android with support for custom SSLContext with client authentication support?

But, the Android client works fine over unecrypted WS.

...still looking for my own answers.

-Tony

[Jarett Creason]

Thanks for responding Donovan & Tony!  It's at least nice to know that I'm not the only one trying to figure this out :-)

I suppose it's a little annoying to have to proxy through nginx to make secure websockets work.  This is my first time using websockets, is the nginx solution because Play natively doesn't support them or does it have nothing to do with Play?  I guess I'd love a more technical reason...  perhaps a Play developer can help?

I saw this SO response to the question, is this the scenario I should attempt to setup?

http://stackoverflow.com/a/19596485/290696

Thanks guys.

[TonyB]

That is the link I found as well and I have it setup that way.  Try it out and report back.   

I am using nginx because I want/need to, so I don't intend on hitting Play directly with wss.  But like I said, something is still not 100% correct with my current configuration.  I can connect to wss:// from within a html page served up from the server after the self-signed cert is accepted.  The browser page WebSocket connects and runs fine, but issuing a close from either client or server side does nothing, the connection stays active!  So weird.  Eventually timing out after 4 mins.

And as for my Android client, that's a larger problem then just drop in some random websocket client lib and use.  Would love to hear if anyone out there know's of a good java websocket client lib with SSL support.