rosbridge websocket ssl connection aborted
Hi all, I can't establish a wss-connection between Firefox 33.1 and roslaunch rosbridge_server rosbridge_websocket.launch. I always get an Alert(21) in Wireshark.
My Setup:
SERVER 192.168.2.199: Ubuntu 12.04 LTS + Hydro + latest rosbridge
CLIENT 192.168.2.33: Windows 7 U. + Firefox 33.1 + roslib R6
My HTML:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<script type="text/javascript" src="js/eventemitter2.js"></script>
<script type="text/javascript" src="js/mjpegcanvas.js"></script>
<script type="text/javascript" src="js/roslib.js"></script>
<script type="text/javascript" type="text/javascript">
function init() {
var ros = new ROSLIB.Ros({url : 'wss://192.168.2.199:9090'});
ros.on('connection', function() {
console.log('Connected to websocket server.');
});
ros.on('error', function(error) {
console.log('Error connecting to websocket server: ', error);
});
ros.on('close', function() {
console.log('Connection to websocket server closed.');
});
}
</script>
</head>
<body onload="init()">
<h1>Simple SSL Example</h1>
<div id="mjpeg"></div>
</body>
</html>
My OpenSSL:
Key:
openssl genrsa -out server_key.pem 2048
Certificate Signing Request:
openssl req -new -key server_key.pem -out server_csr.pem
Certificate:
openssl x509 -req -days 1825 -in server_csr.pem -signkey server_key.pem -out server_cert.pem
My launch-file-arguments:
<arg name="port" default="9090" />
<arg name="address" default="" />
<arg name="ssl" default="true" />
<arg name="certfile" default="/home/user/ssl/server_cert.pem" />
<arg name="keyfile" default="/home/user/ssl/server_key.pem" />
<arg name="authenticate" default="false" />
In Wireshark after TCP-Handshake my client inits TLSv1.2 "Client Hello" and server responds "Server Hello". Server sends "Certificate". Client says "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message". Immediately after the above packet the client sends an "Encrypted Alert" followed by "FIN,ACK"-packet which finishes transaction. I've even imported the server_cert.pem into Firefox, nothing changed. What is wrong?
How are you loading the web page? Via a web server or from a file URL?
File URL like: double-click on ssl_test.html. No web servers running. Only websocket server.
I'm pretty sure you need to be loading the file across a web server for browsers to run it correctly. I believe it is a security problem to connect to a WSS server from a file URL that modern web browsers don't allow. Just a thought.
I just tried with nginx. Firefox is sending SSL "Client Hello", so I think it shouldn't be a browser issue. I'm stuck. Do you know a working tutorial somewhere? Thanks for your help.
My only other guess is it denying the self-signed certificate. We are using signed certificates for our projects with an example similar to yours and things seem to be working as intended.
I've tried following:
Nothing but connected(00003). No Handshake, no ciphers... means the server on port 9090 does not respond. I checked same certificates with a complete setup SSL-nginx-server and it works.