Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
360 views
in Technique[技术] by (71.8m points)

javascript - How to debug Safari silently failing to connect to a secure WebSocket

When doing new WebSocket('ws://server/'); Safari connects fine, but when using new WebSocket('wss://server/'); it completely fails (returns a null object). Worse, it fails silently - no errors in traceback (a custom Eventlet web server) or in the error console within Safari.

Chrome works fine with both the secure and non-secure host.

How would I go about debugging or fixing this? Google is very short on information.

Here is some traceback from running OpenSSL in place of the WebSockets server and seeing what happens. Firstly, here's Chrome's (which does work) debug output:

Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write key exchange A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:SSLv3 read client key exchange A
SSL_accept:SSLv3 read finished A
SSL_accept:unknown state
SSL_accept:SSLv3 write change cipher spec A
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
GIBBERISH HERE
-----END SSL SESSION PARAMETERS-----
Shared ciphers:CIPHERS_HERE
CIPHER is REDACTED
Secure Renegotiation IS supported
GET / HTTP/1.1
Upgrade: WebSocket
Connection: Upgrade
Host: live.redacted.com:8443
Origin: http://redacted.com
Sec-WebSocket-Key1: 1 [ B l wA 3 e60   d9[  n0!>8384
Sec-WebSocket-Key2: 2 5  1  7p 17 64 3 9
Cookie: __key=value

and here's Safari's (which doesn't work):

ACCEPT
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED

So I think Safari has an issue with our certificates—but one it doesn't reveal when using regular HTTP.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Sysadmin fiddling has revealed a fix: setting OpenSSL to SSLv3 by default kills Safari, but letting it pick its own SSL version (all) works fine.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...