MCGalaxy
WSS change
Modify Sockets.cs to support wss:// connections
Sorry about the whitespace changes
There seem to be three changes here
- Adding a lot of logging
- Changing ServicePointManager to TLS 1.2 only (seems unnecessary because something similar is already done in the ForceEnableTLS method in Server.cs)
- Changing SSLStream for secure websockets to use TLS 1.2 only
  Seems like it would be simpler to just change ssl.AuthenticateAsServer(cert); to ssl.AuthenticateAsServer(cert, false, HttpUtil.TLS_ALL, false);?
- Yes the logging helps the admin get the correct cert deployed. We should document the process of getting the correct type of cert.
- I saw the TLS code in the other module but it didn't seem to be working. Also the Tls12 enums weren't available in Sockets.js.
- Yes. We don't want to allow TLS 1.0 but 1.1 and later are OK. There are a bunch of options defined in the M$FT C# pages for AuthenticateAsServer but our compile system didn't recognize some of them. The one I put there works. We don't need the client to present or auth to us, unless we are going to a completely different level of authentication.
- Changing the x509 routine to the one that doesn't need a password. For a public cert we don't want a password.
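
The points discussed in this thread (TLS 1.1 and later only, no client certificate, a certificate file loaded without a password, and logging that helps an admin deploy the right cert), shown together as an added example that is not code from this pull request or from MCGalaxy. The names WssTlsExample, LoadServerCert, Wrap, certPath and log are hypothetical, and SslProtocols.Tls11 | SslProtocols.Tls12 stands in for the project's HttpUtil.TLS_ALL, whose value is not shown on this page.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class WssTlsExample
{
    // TLS 1.1 and later only, as discussed in the thread; SSL 3.0 and TLS 1.0 are excluded.
    const SslProtocols Allowed = SslProtocols.Tls11 | SslProtocols.Tls12;

    // certPath is a hypothetical path to a PKCS#12 file stored without a password.
    public static X509Certificate2 LoadServerCert(string certPath, Action<string> log)
    {
        X509Certificate2 cert = new X509Certificate2(certPath);
        log("Loaded cert " + cert.Subject + ", expires " + cert.NotAfter.ToString("u"));
        // Server-side TLS needs the private key; a certificate-only file will not work.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key: " + certPath);
        if (cert.NotAfter < DateTime.Now)
            log("WARNING: certificate has expired");
        return cert;
    }

    // Wraps an accepted connection's stream; returns null if the handshake fails.
    public static SslStream Wrap(Stream raw, X509Certificate2 cert, Action<string> log)
    {
        SslStream ssl = new SslStream(raw, false);
        try
        {
            // clientCertificateRequired: false, checkCertificateRevocation: false
            ssl.AuthenticateAsServer(cert, false, Allowed, false);
            log("wss handshake ok: " + ssl.SslProtocol + ", " + ssl.CipherAlgorithm);
            return ssl;
        }
        catch (AuthenticationException ex)
        {
            // Typical causes: protocol mismatch with the client, or an unusable certificate.
            log("wss handshake failed: " + ex.Message);
        }
        catch (IOException ex)
        {
            log("wss connection dropped during handshake: " + ex.Message);
        }
        ssl.Dispose();
        return null;
    }
}
```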