+1 vote
by (130 points)

How to connect to a secure web socket server using wss:// and a key or a certificate?

1 Answer

0 votes
by (70.2k points)

To handle client certificate requests, please use the WebSocketClient.Settings.SslClientCertificateRequestHandler property.

It can look like this:

    // initialize new web socket client instance
    var client = new WebSocketClient();

    // implement your own ICertificateRequestHandler or use one of predefined
    client.Settings.SslClientCertificateRequestHandler =
        CertificateRequestHandler.StoreSearch;

    // connect to desired server
    client.Connect("wss://example.com");

For more examples, please visit Client certificate authentication.

by (144k points)
R7.0 is almost ready, but we are now working on finishing R6.13 next week. Once we are done with it, we'll merge R6.13 improvements to R7 and hopefully publish it in a week or so. Sorry for the delay!
by (210 points)
Hi Lukas,
Sorry to bother you again, but we haven't heard anything yet about the new release. Is a new date available? We are looking forward to using it. :-)
by (144k points)
Hi, we just published the new release to NuGet.org: https://www.nuget.org/packages/Rebex.Tls/7.0.8581

We will publish this to our website as well tomorrow.
by (210 points)
Hi Lukas,

Finally, we are now testing our setup again with the latest Rebex version + latest development with our IoT device.

Unfortunately, we receive a handshake error. See the Rebex log below.

We also did a trace with Wireshark. One thing we noticed is that maybe some signature algorithm is missing. We need something for ED25519, but only these are available:

    Extension: signature_algorithms (len=18)
        Type: signature_algorithms (13)
        Length: 18
        Signature Hash Algorithms Length: 16
        Signature Hash Algorithms (8 algorithms)
            Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
            Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
            Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
            Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
            Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
            Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
            Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
            Signature Algorithm: ecdsa_sha1 (0x0203)

We are following the approach mentioned here for integration: https://www.rebex.net/kb/simple-elliptic-curve-libraries/

Is there anything additional to consider? Do you have some extra advice, how the support for ED25519 can be enabled?

2023-08-21 17:39:01.205 INFO WebSocketClient(1)[13] WebSocket: Connecting to 'wss://192.168.217.2:28441/maintenance'...
2023-08-21 17:39:01.205 INFO WebSocketClient(1)[13] Info: Assembly: Rebex.WebSocket 7.0.8581 for .NET Core 3.1
2023-08-21 17:39:01.205 INFO WebSocketClient(1)[13] Info: Platform: macOS (Darwin 22.6.0 Darwin Kernel Version 22.6.0: Wed Jul  5 22:21:56 PDT 2023; root:xnu-8796.141.3~6/RELEASE_X86_64) 64-bit; CLR: .NET Core 3.1.32
2023-08-21 17:39:01.205 DEBUG WebSocketClient(1)[13] Info: Culture: en; windows-1252
2023-08-21 17:39:01.234 INFO WebSocketClient(1)[6] HTTP: Connecting to 'https://192.168.217.2:28441'...
2023-08-21 17:39:01.251 DEBUG WebSocketClient(1)[6] Proxy: Connecting to 192.168.217.2:28441 (no proxy).
2023-08-21 17:39:01.255 DEBUG WebSocketClient(1)[6] Proxy: Connection established.
2023-08-21 17:39:01.323 DEBUG WebSocketClient(1)[6] TLS: Using classic TLS core.
2023-08-21 17:39:01.333 DEBUG WebSocketClient(1)[6] TLS: Enabled cipher suites: 0x0C1F3CC32B000000.
2023-08-21 17:39:01.333 DEBUG WebSocketClient(1)[6] TLS: Applicable cipher suites: 0x0C1F3CC32B000000.
2023-08-21 17:39:01.457 VERBOSE WebSocketClient(1)[6] TLS: Sent TLS packet:
2023-08-21 17:39:01.459 DEBUG WebSocketClient(1)[6] TLS: HandshakeMessage:ClientHello was sent.
2023-08-21 17:39:01.466 VERBOSE WebSocketClient(1)[6] TLS: Received TLS packet:
 0000 |15-03-03-00-02-02-28                           | ......(
2023-08-21 17:39:01.469 INFO WebSocketClient(1)[6] TLS: Fatal Alert:HandshakeFailure was received.
2023-08-21 17:39:01.475 DEBUG WebSocketClient(1)[6] TLS: Rebex.Net.TlsException: Fatal error 'HandshakeFailure' has been reported by the remote connection end.
   at rxohr.cklaq.ohtwy(Byte[] p0, Int32 p1, Int32 p2)
   at rxohr.drmdh.kkrxg(Byte[] p0, Int32 p1, Int32 p2)
   at rxohr.drmdh.cwoax()
by (144k points)
The Ed25519 signature scheme is disabled by default and has to be enabled using the SetSignatureSchemes method. The following code successfully connects to a WebSocket server using OpenSSL:
    var client = new WebSocketClient();
    client.Settings.SetSignatureSchemes(TlsSignatureScheme.Ed25519); // enable Ed25519
    client.Settings.SslAllowedSuites = TlsCipherSuite.Secure;
    client.Settings.SslAcceptAllCertificates = true; // do not do this in production
    client.Connect("wss://server.example.org");
...
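
An added diagnostic example (not part of the thread and not Rebex code): a Python parser that reads the signature_algorithms extension from a ClientHello record and decodes the plaintext alert the server sent back, to confirm whether ed25519 (code point 0x0807) is actually offered. The ClientHello is constructed from the scheme list in the Wireshark output above, the alert bytes are the ones in the log, and the function names are hypothetical.

```python
import struct

# IANA TLS SignatureScheme code points (the eight from the capture plus ed25519).
SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384", 0x0503: "ecdsa_secp384r1_sha384",
    0x0601: "rsa_pkcs1_sha512", 0x0603: "ecdsa_secp521r1_sha512",
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1", 0x0807: "ed25519",
}

def offered_signature_schemes(record: bytes) -> list:
    """Return the signature_algorithms code points from a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                   # skip session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # skip cipher_suites
    pos += 1 + record[pos]                   # skip compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4 : pos + 4 + ext_len]
        if ext_type == 13:                   # signature_algorithms
            n = struct.unpack_from("!H", body, 0)[0]
            return [struct.unpack_from("!H", body, 2 + i)[0] for i in range(0, n, 2)]
        pos += 4 + ext_len
    return []                                # extension absent

def decode_alert(record: bytes) -> tuple:
    """Decode a plaintext TLS alert record into (level, description code)."""
    if len(record) != 7 or record[0] != 0x15:
        raise ValueError("not a plaintext TLS alert record")
    return ("fatal" if record[5] == 2 else "warning", record[6])

def sample_client_hello(schemes: list) -> bytes:
    """Constructed minimal ClientHello (not the capture from the thread)."""
    sig = struct.pack(f"!H{len(schemes)}H", 2 * len(schemes), *schemes)
    exts = struct.pack("!HH", 13, len(sig)) + sig
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2b" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    defaults = [0x0401, 0x0403, 0x0501, 0x0503, 0x0601, 0x0603, 0x0201, 0x0203]
    offered = offered_signature_schemes(sample_client_hello(defaults))
    print([SCHEMES.get(s, hex(s)) for s in offered], "ed25519 offered:", 0x0807 in offered)
    print(decode_alert(bytes.fromhex("15030300020228")))  # alert record from the log
```

Alert description 40 is handshake_failure, which is what a server requiring Ed25519 returns when the client's list contains no scheme it can sign with.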