即使我的网站使用SSL服务,我也可以强制Web套接字不使用SSL吗?
[英]Can I force my web socket not to use SSL even though my site is served under SSL?
问题描述
I have a JavaScript client. 
我有一个JavaScript客户端。
I have a web socket and it is trying to talk to my server. 我有一个网络套接字,它正在尝试与我的服务器通信。
My web app runs under https and I have used Open SSL for get my certificates. 我的Web应用程序在https下运行,并且我已经使用Open SSL来获取证书。
In my C# I am using the Socket object to receive client requests. 在我的C#中,我正在使用Socket对象来接收客户端请求。
My clients can connect but the when I try to read/parse the headers it is encrypted. 我的客户端可以连接,但是当我尝试读取/解析标题时,它是加密的。 (I do not know how to decrypt). (我不知道如何解密)。
If occured to me if my web socket did not use SSL the problem would go away. 如果我的Web套接字未使用SSL发生在我身上,问题将消失。 But, even if I set the uri in my client to: 但是,即使我将客户端中的uri设置为:
var url = "ws://192.168.0.9:8090/Relayer";
It is changed to: 更改为:
var url = "wss://192.168.0.9:8090/Relayer";
This is my server code: 这是我的服务器代码:
//server starting to listen
serverSocket = new Socket( AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP );
serverSocket.Bind( new IPEndPoint( IPAddress.Any, 8090 ) );
serverSocket.Listen( 128 );
serverSocket.BeginAccept( null, 0, OnAccept, null );
//server responding to Client Request:
private static Socket serverSocket;
private static void OnAccept(IAsyncResult result)
{
byte[] buffer = new byte[1024];
try
{
Socket client = null;
string headerResponse = "";
if (serverSocket != null && serverSocket.IsBound)
{
client = serverSocket.EndAccept(result);
var i = client.Receive(buffer);
//my many attempts to read the data....
string unicode = (Encoding.UTF8.GetString(buffer)).Substring(0, i);
string str = Uri.UnescapeDataString(unicode);
var outputs = System.Net.WebUtility.HtmlDecode(unicode);
}
if (client != null)
{
/* Handshaking and managing ClientSocket */
}
}
catch (SocketException ex)
{
Logger.LogVerbose(LoggerNames.Error, ex.ToString());
}
finally
{
if (serverSocket != null && serverSocket.IsBound)
{
serverSocket.BeginAccept(null, 0, OnAccept, null);
}
}
}
So, can I FORCE my web socket not to use SSL? 因此,我可以强制我的Web套接字不使用SSL吗?
Thanks 谢谢
OKAY After reading stuff I understand it is not a good idea to mix http and https and ws and wss. 好吧阅读完相关内容后,我了解将http和https以及ws和wss混合使用不是一个好主意。
Any ideas to get this working using SSL/wss then that would be good :) 任何使用SSL / wss使其工作的想法都很好:)
1 个解决方案
解决方案1
1 已采纳 2019-08-10 11:22:22
Can I force my web socket not to use SSL even though my site is served under SSL?
If your JavaScrip client follows security conventions, then the answer is no . 如果您的JavaScrip客户端遵循安全性约定,那么答案是否定的 。 The answer is also "it shouldn't". 答案也是“不应该”。
There are a number of reasons for this, but the following reason is quite enough: 造成这种情况的原因很多,但以下原因已足够:
When a user observes that the website is encrypted, they assume that any private information they share will not be visible to third parties . 当用户观察到该网站已加密时,他们假定他们共享的任何私人信息对第三方都是不可见的 。 This is part of the promise made by encryption . 这是加密承诺的一部分。 However, by allowing clear-text (unencrypted) communication after stating the site is encrypted, this promise could be broken . 但是,通过在声明站点已加密之后允许进行明文(未加密)通信, 可以兑现这一承诺 。
This is why secure clients will not allow non-encrypted communication (ie, WebSockets, XHR, etc') within a secure website. 这就是为什么安全客户端不允许在安全网站内进行非加密通信(即WebSocket,XHR等)的原因。
My clients can connect but the when I try to read/parse the headers it is encrypted.
The encrypted data should be passed through the SSL layer to be decrypted. 加密的数据应通过SSL层进行解密。
Often, many languages will provide an "SSL Socket" abstraction that behaves like a socket but automatically encrypts / decrypts data. 通常,许多语言会提供“ SSL套接字”抽象,其行为类似于套接字,但会自动加密/解密数据。
As mentioned in the comments the SslStream might be what you're looking for (see Jesse de Wit's comment). 如评论中所述, SslStream可能正是您要寻找的(请参阅Jesse de Wit的评论)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.