I have successfully setup sipml5 using a standard non secure ws:// to an asterisk 13 server, can make and receive calls using demo at https://www.doubango.org/sipml5/call.htm. However, I am having problem with wss or secure socket connection.
I got this error (chrome):
WebSocket connection to 'wss://myserver.com:8089/ws' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
My settings
WebSocket Server URL -> wss://myserver.com:8089/ws
SIP outbound Proxy URL -> udp://myserver.com:5060
Finally I solved this problem by adding following line to http.conf
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/path-to/cert.pem
tlsprivatekey=/path-to/privkey.pem
Related
I try to configure my Kafka brokers to work under ssl. I have the following configuration in all brokers:
listeners=PLAINTEXT://0.0.0.0:9092, SSL://0.0.0.0:9093
advertised.host.name=my_host_ip
port=9092
ssl.truststore.location=/opt/kafka/kafka.server.truststore.jks
ssl.keystore.location=/opt/kafka/kafka.server.keystore.jks
ssl.key.password=123456
ssl.keystore.password=123456
ssl.truststore.password=123456
And some other definitions which are not related to my ssl configuration.
In the client configuration I have the following:
security.protocol=SSL
ssl.truststore.location=/opt/kafka_2.12-0.10.2.0/config/ssl/kafka/client.truststore.jks
ssl.truststore.password=123456
With port 9092 (no ssl) everything works well, but when I try to use port 9093 - I got the following error, and I can't post message to the Kafka topic:
2017-04-25T16:59:19.945801000Z [2017-04-25 16:59:19,857] ERROR [KafkaApi-2] Error when handling request {topics=null} (kafka.server.KafkaApis)
2017-04-25T16:59:19.945991000Z kafka.common.BrokerEndPointNotAvailableException: Broker `2` does not have listener with name `ListenerName(SSL)’
I have ssl connection between the machines (checked with openssl)
What can be the reason?
I think you're exposing port 9092, but your SSL is configured to listen to 9093. Also, if I remember correctly, advertised.host.name is a deprecated parameter in kafka 0.10.x
I'll suggest commenting out advertised.host.name=my_host_ip and port=9092 and putting advertised.listeners=PLAINTEXT://<ip>:9092, SSL://<ip>:9093
I have the following infrastructure:
When I access the Application via HTTP everythig works, but via HTTPs I am gettin:
and on the client site:
WebSocket connection to 'wss://www.bla.cz/tb-socket/444/qzdmw5ry/websocket'
failed: Error during WebSocket handshake: Unexpected
response code: 403
Thanks for any help!
I Have Tomcat run on HTTPS.
I have tried to deploy SIPML5 WebSocket Application To into my tomcat.
When I tried to connect Sip Servlets using ws :
ws://192.168.X.Y:5082
And Sip Servlets Config looks like :
<Connector port="5082"
ipAddress = "192.168.X.Y"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="ws"/>
I got an error :
SIPml-api.js:4 Mixed Content: The page at 'https://192.168.X1.X2:8443/CallCenterBK/CallCenterBK.jsp?sip=1' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://192.168.X.Y:5082/'. This request has been blocked; this endpoint must be available over WSS.
When I have changes my SIPML 5 Client to wss :
wss://192.168.X.Y:5082
And my sip servlets config looks like :
<Connector port="5082"
ipAddress = "192.168.X.Y"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="wss"/>
I got another error :
WebSocket connection to 'wss://192.168.X.Y:5082/' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
And when I have set to sipml 5 client : wss://192.168.X.Y:5082
and config changed to :
<Connector port="5082"
ipAddress = "192.168.X.Y"
protocol="org.mobicents.servlet.sip.startup.SipProtocolHandler"
signalingTransport="ws"/>
I got an error :
WebSocket connection to 'wss://192.168.1.3:5082/' failed: Error in connection establishment: net::ERR_TIMED_OUT
What I did incorrectly ?
Any idea will be appreciated.
You configured the HTTPs connector with the certificate information, you need to do the same thing for the WSS connector. Unfortunately the configuration for that is located at the SIP Stack level, so you need to edit your standalone/configuration/mss-sip-stack.properties and add
gov.nist.javax.sip.TLS_CLIENT_AUTH_TYPE=Disabled
javax.net.ssl.keyStore=$TRUSTSTORE_FILE
javax.net.ssl.keyStorePassword=$TRUSTSTORE_PASSWORD
javax.net.ssl.trustStorePassword=$TRUSTSTORE_PASSWORD
javax.net.ssl.trustStore=$TRUSTSTORE_FILE
javax.net.ssl.keyStoreType=JKS
SIPML5 works fine with wss for sure. The problem is on your server side.
Make sure that 5082 port is listening (telnet)
Make sure that you have installed a valid SSL certificate to your
server
Make sure that 5082 is the secure (wss) port (On most servers the ws
unsecured and wss secured are listening on different ports)
My websocket connection fails to connect when connecting through Apache ws tunnel plugin intermittently. The connection always works when hitting the app servers directly.
I see the below errors.
Error during WebSocket handshake: Invalid status line
WebSocket connection to 'ws://host' failed: One or more reserved bits are on: reserved1 = 1, reserved2 = 0, reserved3 = 0
and sometimes
WebSocket connection to 'ws://host' failed: Unrecognized frame opcode: 12
and at times
Error during WebSocket handshake: Status line does not end with CRLF ui-toolkit-vendor.js:21965
Infrastructure
Apache HTTPD 2.4.9 with mod_proxy_wstunnel and mod_proxy_balancer modules
The ws tunnel module ported with 2.4.9 version has several bugs which have been later fixed in the 2.4.12 build. Please find the excerpt from the SVN log.
Revision 1587075 - (view) (download) (annotate) - [select for diffs]
Modified Sun Apr 13 18:41:05 2014 UTC (11 months, 3 weeks ago) by covener
File length: 20119 byte(s)
Diff to previous 1587057 (colored)
several related mod_proxy_wstunnel changes that are tough to pull apart:
make async websockets tunnel opt-in
add config for how long we block a thread in asynch mode
add config for a cap on the synchronous path
avoid sending error responses down the upgraded tunnel
I am developing a reverse proxy using http core nio 4.3.3 and need to connect to a Secure/HTTPS endpoint via the proxy. I took the reverse proxy(Asynchronous HTTP reverse proxy)[1] and added SSL support as shown below.
SSLContext clientSSLContext =
SSLUtil.createClientSSLContext(TRUST_STORE_LOCATION,
TRUST_STORE_PASSWORD);
final IOEventDispatch connectingEventDispatch =
new DefaultHttpClientIODispatch(
clientHandler,
clientSSLContext,
ConnectionConfig.DEFAULT);
...
connectingIOReactor.execute(connectingEventDispatch);
When I send the request, I am getting this error,
java.io.IOException: SSL not supported
The Stack trace is given below.
[client<-proxy] 00000001 java.io.IOException: SSL not supported
java.io.IOException: SSL not supported
at org.apache.http.impl.nio.pool.BasicNIOConnFactory.create(BasicNIOConnFactory.java:159)
at org.apache.http.impl.nio.pool.BasicNIOConnFactory.create(BasicNIOConnFactory.java:1)
at org.apache.http.nio.pool.AbstractNIOConnPool.requestCompleted(AbstractNIOConnPool.java:484)
at org.apache.http.nio.pool.AbstractNIOConnPool$InternalSessionRequestCallback.completed(AbstractNIOConnPool.java:770)
at org.apache.http.impl.nio.reactor.SessionRequestImpl.completed(SessionRequestImpl.java:127)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processNewChannels(AbstractIOReactor.java:423)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:288)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:586)
at java.lang.Thread.run(Thread.java:662)
I enabled SSL debug logs as well, but still could not figure out the issue.
Then I debugged this and found out that the proxy received the request from the client and drops due to an exception inside the handle method of HttpAsyncRequestConsumer. The exception is java.io.IOException: SSL not supported
Also note that the SSLContext was working fine with a reverse proxy written using the netty transport.
Any help would be appreciated.
[1] https://hc.apache.org/httpcomponents-core-ga/examples.html
Regards,
Ravindra.
When using a connection pool on the client side to manage outgoing connections one needs to ensure that the connection factory used by the pool to create new connection objects is SSL capable. Please make sure that the connection pool is properly configured.
Thanks a lot for the advice. That solved the issue.
clientSSLContext =
SSLUtil.createClientSSLContext(TRUST_STORE_LOCATION,
TRUST_STORE_PASSWORD);
BasicNIOConnFactory connectionFactory =
new BasicNIOConnFactory(
clientSSLContext,
null,
ConnectionConfig.DEFAULT);
proxyConnPool = new ProxyConnPool(connectingIOReactor, connectionFactory, 5000)