3

We’re trying to get Socket.io flashsockets to work in Internet Explorer 9 over HTTPS/WSS. The flashsockets work over HTTP, but HTTPS is giving us problems. We’re using socket.io version 0.8.7 and socket.io-client version 0.9.1-1.

We’re running our websocket server via SSL on port 443. We’ve specified the location of our WebsocketMainInsecure.swf file (these are cross-domain ws requests) in the correct location, and we’re loading the file in the swfobject embed over HTTPS.

We opened up port 843 in our security group for our EC2 instance and the cross origin policy file is successfully being rendered over HTTP. It does not seem to render over HTTPS (Chrome throws an SSL connection error).

We’ve tried two versions of the WebsocketMainInsecure.swf file. The first is the file provided by Socket.io, which is built off of WebsocketMainInsecure.as that does not include the line

Security.allowInsecureDomain("*");

This throws the error SCRIPT16389: Unspecified error. at the WebSocket.__flash.setCallerUrl(location.href) line.

We figured it was because the SWF file was not permitting HTTPS requests, so we replaced the WebSocketMainInsecure.swf file with the one found at this repo: https://github.com/gimite/web-socket-js because it includes the

Security.allowInsecureDomain("*");

line in the ActionScript code. When we used this, we saw that the flashsocket connection kept disconnecting and reconnecting in an infinite loop. We tracked the error down to the transport.js file in the socket.io library in the onSocketError function on the Transport prototype. It throws the error:

[Error: 139662382290912:error:1408F092:SSL routines:SSL3_GET_RECORD:data length too long:s3_pkt.c:503:]

We're guessing this error may somehow be related to our SSL wildcard subdomain certificates, but we're unsure.

We even tried updating both socket.io and socket.io-client to version 0.9.6 and we still got the Access is denied error.

This error has been very difficult to debug, and now we’re at a loss as to how to get flashsockets to work. We’re wondering if it might have to do with using an older version of socket.io, or maybe that our policy file server doesn’t accept HTTPS requests, or maybe even the way in which the WebSocketMainInsecure.swf file from the web-socket-js GitHub repo was built relative to what socket.io-client expects.

Any help is greatly appreciated!

Justin Meltzer

1 Answer

0

It looks like it's got past the XSS controls and at a guess the SSL error looks like it's because your websocket client isn't connecting to an SSL websocket.

Verify your SSL websocket by using: openssl s_client -connect servername:websocketport

You should see a dump of the SSL certs and whether it's trusted. You can also fire off a request if you know how to replicate your websocket client.

Also, use Wireshark / Tcpdump to verify which ports are being opened. A dump from the Network section and Console from Chrome's Developer Tools might prove insightful.

Alastair McCormack
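
The check suggested in the answer (is the client really speaking SSL to the websocket port?) can also be made from the server side by classifying the first bytes a client sends. This is an added example, not part of the original question or answer; the function name, the sample buffers and the request path in them are constructed for illustration.

```javascript
'use strict';
// Added example: classify the first bytes received on a socket to tell a TLS
// client from a plaintext one. All sample inputs below are constructed.

const TLS_CONTENT_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const MAX_TLS_RECORD = 16384 + 2048; // upper bound on a TLS record's length field
// Flash Player's socket policy probe: a fixed plaintext string ending in NUL.
const FLASH_POLICY_REQUEST = Buffer.from('<policy-file-request/>\0', 'latin1');

function classifyFirstBytes(buf) {
  if (!Buffer.isBuffer(buf) || buf.length === 0) return { protocol: 'empty' };

  // Plaintext Flash policy request (sent to port 843 or to the socket port).
  const n = FLASH_POLICY_REQUEST.length;
  if (buf.length >= n && buf.subarray(0, n).equals(FLASH_POLICY_REQUEST)) {
    return { protocol: 'flash-policy-request' };
  }

  // Plaintext HTTP, including a ws:// upgrade, starts with a method token.
  const head = buf.subarray(0, 8).toString('latin1');
  if (/^(GET|POST|PUT|HEAD|OPTIONS|DELETE) /.test(head)) {
    return { protocol: 'plaintext-http' };
  }

  // TLS record header: type(1) | version major(1), minor(1) | length(2, big endian)
  if (buf.length >= 5) {
    const recordType = TLS_CONTENT_TYPES[buf[0]];
    const length = buf.readUInt16BE(3);
    if (recordType && buf[1] === 3 && length > 0 && length <= MAX_TLS_RECORD) {
      return { protocol: 'tls', recordType, version: `3.${buf[2]}`, length };
    }
  }
  return { protocol: 'unknown' };
}

// Constructed samples: start of a ClientHello record, a plaintext upgrade
// request (hypothetical path), and the Flash policy probe.
const samples = {
  clientHello: Buffer.from([0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, 0xc4]),
  wsUpgrade: Buffer.from('GET /socket.io/1/flashsocket/ HTTP/1.1\r\n', 'latin1'),
  policyProbe: FLASH_POLICY_REQUEST,
};

for (const [name, bytes] of Object.entries(samples)) {
  console.log(name, classifyFirstBytes(bytes));
}
```

Fed the first chunk from each new connection on the SSL port, a result other than `tls` means that client is not starting an SSL handshake there.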