ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange
Ask Your Question

rosbridge websocket ssl connection aborted

asked 2014-12-01 10:28:46 -0500

CalisM gravatar image

Hi all, I can't establish a wss-connection between Firefox 33.1 and roslaunch rosbridge_server rosbridge_websocket.launch. I always get an Alert(21) in Wireshark.

My Setup:
SERVER Ubuntu 12.04 LTS + Hydro + latest rosbridge
CLIENT Windows 7 U. + Firefox 33.1 + roslib R6


<!DOCTYPE html>
<meta charset="utf-8" />
<script type="text/javascript" src="js/eventemitter2.js"></script>
<script type="text/javascript" src="js/mjpegcanvas.js"></script>
<script type="text/javascript" src="js/roslib.js"></script>
<script type="text/javascript" type="text/javascript">
function init() {

    var ros = new ROSLIB.Ros({url : 'wss://'});

    ros.on('connection', function() {
        console.log('Connected to websocket server.');

    ros.on('error', function(error) {
        console.log('Error connecting to websocket server: ', error);

    ros.on('close', function() {
        console.log('Connection to websocket server closed.');
    <body onload="init()">
    <h1>Simple SSL Example</h1>
    <div id="mjpeg"></div>

My OpenSSL:
openssl genrsa -out server_key.pem 2048

Certificate Signing Request:
openssl req -new -key server_key.pem -out server_csr.pem

openssl x509 -req -days 1825 -in server_csr.pem -signkey server_key.pem -out server_cert.pem

My launch-file-arguments:

  <arg name="port" default="9090" />
  <arg name="address" default="" />
  <arg name="ssl" default="true" />
  <arg name="certfile" default="/home/user/ssl/server_cert.pem" />
  <arg name="keyfile" default="/home/user/ssl/server_key.pem" />
  <arg name="authenticate" default="false" />

In Wireshark after TCP-Handshake my client inits TLSv1.2 "Client Hello" and server responds "Server Hello". Server sends "Certificate". Client says "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message". Immediately after the above packet the client sends an "Encrypted Alert" followed by "FIN,ACK"-packet which finishes transaction. I've even imported the server_cert.pem into Firefox, nothing changed. What is wrong?

edit retag flag offensive close merge delete


How are you loading the web page? Via a web server or from a file URL?

rtoris288 gravatar image rtoris288  ( 2014-12-01 11:15:30 -0500 )edit

File URL like: double-click on ssl_test.html. No web servers running. Only websocket server.

CalisM gravatar image CalisM  ( 2014-12-01 11:25:43 -0500 )edit

I'm pretty sure you need to be loading the file across a web server for browsers to run it correctly. I believe it is a security problem to connect to a WSS server from a file URL that modern web browsers don't allow. Just a thought.

rtoris288 gravatar image rtoris288  ( 2014-12-01 13:03:03 -0500 )edit

I just tried with nginx. Firefox is sending SSL "Client Hello", so I think it shouldn't be a browser issue. I'm stuck. Do you know a working tutorial somewhere? Thanks for your help.

CalisM gravatar image CalisM  ( 2014-12-01 14:33:49 -0500 )edit

My only other guess is it denying the self-signed certificate. We are using signed certificates for our projects with an example similar to yours and things seem to be working as intended.

rtoris288 gravatar image rtoris288  ( 2014-12-01 15:07:33 -0500 )edit

I've tried following:

sudo ssldump -a -A -H -i lo
openssl s_client -connect

Nothing but connected(00003). No Handshake, no ciphers... means the server on port 9090 does not respond. I checked same certificates with a complete setup SSL-nginx-server and it works.

CalisM gravatar image CalisM  ( 2014-12-01 16:40:40 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2014-12-03 12:09:40 -0500

CalisM gravatar image

I figured out a solution for working with self-signed certificates. For those running into the same problem just open the URL:PORT of your secure websocket-server in the browser like:

or from a remote machine:

A security warning will appear, asking you to confirm or decline the self-signed certificate. Accept it and your done.

edit flag offensive delete link more


Any idea how to uses this with

biaspoint gravatar image biaspoint  ( 2020-12-09 11:33:23 -0500 )edit seems to be working by running the default roslaunch rosbridge_server rosbridge_websocket.launch on port 9090 without any ssl authentication. On my end, the websocket endpoint is ws://

Den gravatar image Den  ( 2021-08-24 03:13:11 -0500 )edit

Question Tools

1 follower


Asked: 2014-12-01 10:28:46 -0500

Seen: 4,810 times

Last updated: Dec 03 '14