[Interest] wss:// on localhost

Alexander Carôt alexander_carot at gmx.net
Mon Aug 3 23:16:59 CEST 2020 

> Sorry, I might be missing some critical piece of information: is it a browser 
> that is connecting to your websocket service? I thought it was a web view, 
> whose CA list you could control.

The most simple way to describe it this:

A conventional html page (classical web browser) launches a websocket via wss://localhost:1234 and connects to a Qt application which hosts a QtWebsocket Server which binds to localhost:1234. This way I achieve communication between browser and app. Would love to stay with ws:// but modern CMS (well - websites in general) etc. require using SSL and mixed content is not working anymore. 

Best

Alex

--
http://www.carot.de
Email : Alexander at Carot.de
Tel.: +49 (0)177 5719797


> Gesendet: Montag, 03. August 2020 um 19:49 Uhr
> Von: "Thiago Macieira" <thiago.macieira at intel.com>
> An: interest at qt-project.org
> Betreff: Re: [Interest] wss:// on localhost
>
> On Sunday, 2 August 2020 16:09:32 PDT Hamish Moffatt wrote:
> > On 3/8/20 9:05 am, Alexander Carôt wrote:
> > >> I repeat: whatever you do, don't ship a private key.
> > > 
> > > Allright - will consider alternative ideas.
> > 
> > Consider generating your own root CA certificate and asking your users
> > to install that in their browser. Then sign the site certificate (for a
> > non-existent, non-registerable domain) with that.
> 
> Sorry, I might be missing some critical piece of information: is it a browser 
> that is connecting to your websocket service? I thought it was a web view, 
> whose CA list you could control.
> 
> If you can't programmatically control the CA list of the WS client, then I 
> don't see a secure solution. Doing what Hamish just suggested is not a good 
> idea either, as becoming a CA has huge implications. If you get hacked, then 
> your clients can get hacked too. And you become a target of hacks because your 
> clients are installing your root CA.
> 
> My suggestion of generating on each client works only so long as you control 
> both sides of the websocket connection (client and server).
> 
> -- 
> Thiago Macieira - thiago.macieira (AT) intel.com
>   Software Architect - Intel DPG Cloud Engineering
> 
> 
> 
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>

More information about the Interest mailing list