Android Question SSL Websocket client

LucaMs

Expert
Licensed User
Trying to connecting to my websocket server:

closed javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x63a133b0: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x61803166:0x00000000)

Libraries used:
client: WebSocket 2.00
server: jServer 2.80

The server starts and it is reachable (ping). I suppose that if the server SslConfiguration (and the keyvaluestore I created) were incorrect the server would not start/work, correct?
 

LucaMs

Expert
Licensed User
Unfortunately not.

client b4a:
Public Const ServerURL As String = "wss://xxxxxxxxx:52650/xxxx"

server b4j:
ConfigureSSL(52650)
 

LucaMs

Expert
Licensed User
You should provide more information.
I don't know what informations.

My code is very similar to yours.

Just one thing: creating the keyvaluestore I had to use, temporarily, an IP address; but I think that if this were the problem I would not reach the server (I pinged the server from an online service).

The old project works perfectly if I do not use SSL.

I found this:
https://stackoverflow.com/questions...on-javax-net-ssl-sslprotocolexception-ssl-han

where they say that there are problems with Android < 4.4 but I'm using Android 4.4.2
 

LucaMs

Expert
Licensed User
Tried this code in my app:
B4X:
Private Sub TryToConnect
'    wsh.Initialize(Me, "wsh")
'    wsh.ws.Connect(Main.ServerURL)

    NewWS.Initialize("NewWs")
    NewWS.Connect("wss://b4x.com:51041/smiley/ws")
    Wait For NewWs_Connected
    Log("connected here")
    Wait For NewWs_TextMessage (Message As String)
    Log(Message)
    ExitApplication
End Sub
No logs (TryToConnect starts, of course)

This works (browser):
https://www.b4x.com:51041/smiley/index.html
 

Star-Dust

Expert
Licensed User
@LucaMs
To make the ranking of your game safe, use FireBase and not the SSL protocol that in some way can be sniffed by Hacker and used to induce false scores.

With Firebase the App that sends will be authenticated.
With SSL you can not identify the genuineness of the sending app. This is the main problem for security.

Better that you talk to an expert about it rather than improvise solutions
 

LucaMs

Expert
Licensed User
@LucaMs
To make the ranking of your game safe, use FireBase and not the SSL protocol that in some way can be sniffed by Hacker and used to induce false scores.

With Firebase the App that sends will be authenticated.
With SSL you can not identify the genuineness of the sending app. This is the main problem for security.

Better that you talk to an expert about it rather than improvise solutions
I'm trying this for A9, but it's the same.

Anyway, I will not use only SSL, I think.

Thank you
 

LucaMs

Expert
Licensed User
Add this sub:
B4X:
Sub ws_Closed (Reason As String)
   Log("error: " & Reason)
End Sub
Is it raised? Are you testing it on a real device?
Added.

Real device (Android 4.4.2) and, now, in release mode.


*** Service (starter) Create ***
** Service (starter) Start **
** Activity (main) Create, isFirst = true **
Connecting
** Activity (main) Resume **
error: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x6355af90: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0x61803166:0x00000000)
 

Star-Dust

Expert
Licensed User
But the @Erel code is very useful for me, thank you
 

LucaMs

Expert
Licensed User
It almost works, since connects, but after 2 seconds:
*** Service (starter) Create ***
Installing security provider if needed...
** Service (starter) Start **
** Activity (main) Create, isFirst = true **
** Activity (main) Resume **
Provider installed successfully
Connecting
connected
{"data":[],"etype":"setAutomaticEvents"}
android.os.NetworkOnMainThreadException
at android.os.StrictMode$AndroidBlockGuardPolicy.onNetwork(StrictMode.java:1145)
at com.google.android.gms.org.conscrypt.Platform.blockGuardOnNetwork:)com.google.android.gms@11951070)
at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.shutdownAndFreeSslNative:)com.google.android.gms@11951070:1)
at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.close:)com.google.android.gms@11951070:15)
at com.google.android.gms.org.conscrypt.KitKatPlatformOpenSSLSocketImplAdapter.close:)com.google.android.gms@11951070)
at io.crossbar.autobahn.websocket.WebSocketConnection.closeAndCleanup(WebSocketConnection.java:405)
at io.crossbar.autobahn.websocket.WebSocketConnection.access$12(WebSocketConnection.java:394)
at io.crossbar.autobahn.websocket.WebSocketConnection$2.handleMessage(WebSocketConnection.java:486)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:149)
at android.app.ActivityThread.main(ActivityThread.java:5257)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:794)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:610)
at dalvik.system.NativeStart.main(Native Method)
 
Top