3

I am using websocket(ws://) in my web application. now I implemented SSL in my webapplication so I implemented secure websocket(wss://). So i followed TooTallNate library docs to implement this scenerio.

  1. Netty SSL and websockets

  2. SSLClientExample.java

But I am getting this url in browser console.

WebSocket connection to 'wss://localhost:9191/socket' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED.

For Implementing secure websocket, which Algorithm we need to pass in below code ?

SSLContext context = SSLContext.getInstance(Algorithm);

So please help me to resolve this error.

Community
  • 1
  • 1
sus007
  • 297
  • 3
  • 9

1 Answers1

4

First of all, sorry for my english but maybe I can help you even the question is four years old and maybe someone will have the same problem.

Here we go..

If you use for example "ws://localhost:8025" Java websocket will not establish a secure connection, have a look at the docs.

Websocket will only create a secure connection in combination of SSL. At the end you will use "wss://localhost:8025".

Let`s add SSL:

First of all you will need a session key. You can find in your JavaJDK folder (for example in C:\Program Files\Java\jdk1.8.0_191\bin\keytool.exe) a file which is called "keytool.exe". This little toolwill generate a session key which should be saved on client and server side.

Now use the tool. For example:

keytool -genkey -keyalg RSA -validity 3650 -keystore "keystore.jks" -storepass "storepassword" -keypass "keypassword" -alias "default" -dname "CN=127.0.0.1, OU=MyOrgUnit, O=MyOrg, L=MyCity, S=MyRegion, C=MyCountry"

I copied the example above from:

https://github.com/TooTallNate/Java-WebSocket/blob/master/src/main/example/SSLClientExample.java

Now you are able to load your session key from the specific file, which is called "KEYSTORE".

KeyStore ks = KeyStore.getInstance( STORETYPE );
            File kf = new File( KEYSTORE );
            ks.load( new FileInputStream( kf ), STOREPASSWORD.toCharArray());

You need to generate a key manager and a trust manager. The author used a "SunX509" protocol.

KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
            kmf.init( ks, KEYPASSWORD.toCharArray() );
            TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
            tmf.init( ks );

After that it`s time to get the "real" SSL context. You need to load the TLS Protocol. SSL and TLS are alomst the same. When you generated a ssl-socket you can create a new socket which uses ssl/tls.

SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

For example: I used at the beginning

Session session = new Session(new Uri("wss://localhost:8025"));

My Session.class extends from WebSocketClient. Therefore I can use:

session.setSocket(sslSocketFactory.createSocket());
session.connect();

Note: If you want to use "wss" than you have to implement SSL or "ws" without SSL.

So what could be wrong with your code?

-> You did not implement SSL on server side so it will refuse connection

This code works perfectly and I did test it. I only postet for client side but server side will be the same code :)

I hoped I could help you so far.

8Dimension
  • 59
  • 4
  • 1
    First of all you will need a public/private key pair. This is not a session key. It is two related keys, and neither of them is a session key. You don't need to write any of the code provided here: you can accomplish it all via system properties. What he did wrong was to try to connect to a port that wasn't listening. It didn't actually have anything to do with SSL *per se*. – user207421 Feb 07 '19 at 23:10