[Interest] wss:// on localhost

Jason H jhihn at gmx.com
Mon Jul 20 18:00:31 CEST 2020 

I could never get wss: working on the mobile platforms, despite being able to get https working. 

a) you need these for SSL to work. You could generate them and set peer verify to off,  but I don't know how to do it without a certificate.

b) You can't (generally speaking) do ws and wss at the same time. It follows http/https semantics, as it starts as HTTP and negotiates the protocol change to WebSocket. The encruption happens even before that - it is already assumed to be encrypted or not, though it is possible to have a plaintext http socket upgrade to a https socket (mixed mode), but no one does that. Instead the protocol/port combo gives the client the information on how to start talking to the server in the right way. I will speculate that this is done rather than have a mixed-mode socket so if you come in with the intent of being encrypted and are not, that is considered a hard fail.  Same applies for unencrypted. Mixed mode only gives you additional ambiguity, potential leakage of data intended to be secure but isn't. So there isn't a large reason to support both on the same socket, and ports to bind to are not in short supply.

> Sent: Sunday, July 19, 2020 at 12:50 PM
> From: "Alexander CarĂ´t" <alexander_carot at gmx.net>
> To: "qt qt" <interest at qt-project.org>
> Subject: [Interest] wss:// on localhost
>
> Hello all,
> 
> after having fixed my QWebsocketServer issue I ran into another problem:
> 
> Beside my properly working SSL websocket I have another websocket which serves as the technical interface between my website and a Qt application required for the service.
> 
> This websocket used to work insecure (ws://) and now I am as well trying to run it in secure mode (ws://), however, I wonder if also in this case I need an extra certificate. Furthermore, I wonder if afer deployment this implies that users would also need a dedicated certificate (which would be be acceptable in terms of usability).
> 
> Alternatively I could run the application websocket insecure (ws://) but it semms that some web browsers dislike the mixture of ws:// and wss:// for some reason although the main site is run via https:// and ws:// the downgrade should not be a problem.
> 
> Can anyone tell if
> 
> a) there is way to get rid of certificates on localhost despite using wss://
> b) there is a reliable way of having ws:// and wss:// at the same time
> 
> Thanks a lot in advance,
> best
> 
> Alex
> 
> 
> --
> http://www.carot.de
> Email : Alexander at Carot.de
> Tel.: +49 (0)177 5719797
> 
> _______________________________________________
> Interest mailing list
> Interest at qt-project.org
> https://lists.qt-project.org/listinfo/interest
>

More information about the Interest mailing list