Overview
Features
Download
Documentation
Community
Add-Ons & Services

Secure WebSocket

Please post support and help requests here.

Secure WebSocket

Postby JimNodeJs » 22 Mar 2013, 21:44

Hello,

I am using the WebSocket support in Poco 1.4.6 to exchange messages with a Node.js application (uses "ws", not "socket.io").

It works great. Thanks for Poco and the WebSocket library!

Now I want to make the WebSocket secure, using TLS, HTTPS, or whatever is appropriate.

Can I do this with the Poco WebSocket library? Can you offer any pointers on how to get started?

Thanks.

Jim
JimNodeJs
 
Posts: 2
Joined: 22 Mar 2013, 21:37

Re: Secure WebSocket

Postby alex » 29 Mar 2013, 21:38

As I understand it, it should be automatic, using origin-based security. See HTML5 WebSocket Security is Strong
alex
 
Posts: 1101
Joined: 11 Jul 2006, 16:27
Location: United_States

Re: Secure WebSocket

Postby JimNodeJs » 01 Apr 2013, 23:47

FYI, an https/wss client based on Poco C++ Libraries interops successfully with a Node.js server based on the "websocket" package (note this is not "socket.io" or "ws"). The source snippet below captures what was needed on the Poco side to create the secure WebSocket (_origin and _protocol are user defined, and are validated on the server side by user level code):

_clientContext = new Poco::Net::Context(
Poco::Net::Context::CLIENT_USE,
_clientKey,
_clientCert,
_serverCert,
Poco::Net::Context::VERIFY_RELAXED,
9,
false,
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");

_httpsClientSession = new Poco::Net::HTTPSClientSession(serverIp, serverPort, _clientContext);

Poco::Net::HTTPRequest httpRequest(Poco::Net::HTTPRequest::HTTP_GET, "/wss");
httpRequest.set("Origin", _origin);
httpRequest.set("Sec-WebSocket-Protocol", _protocol);
Poco::Net::HTTPResponse httpResponse;

_webSocket = new Poco::Net::WebSocket(*_httpsClientSession, httpRequest, httpResponse);
JimNodeJs
 
Posts: 2
Joined: 22 Mar 2013, 21:37


Return to Support

Who is online

Users browsing this forum: No registered users and 1 guest