websockify and self signed certificates


The server I am trying to establish a connection to is using TLS 1.2 with a self-signed certificate. Since browsers like Chrome don't accept them anymore, I deployed websockify with a verifiable certificate and that works fine. The part that is failing is the TLS connection between websockify and the server. If I set up that connection with a server that is not encrypted, everything works as it should.

The server gives me a cafile, a subject string and ssl_cyphers. How can I use them to configure the websockify proxy to make that second part of the connection encrypted?

This is what I tried. The only thing missing is the host-subject, which I am not sure how to set. My understanding is that the first part of the command corresponds to the left side of the proxy connection and the 2nd part (separated by an empty line) to the target socket connection. Let me know if I misunderstood this part as well.

/var/www/websockify/run 5959 \
   --verbose \
   --ssl-only \
   --record /tmp/websockify.log \
   --cert=/etc/letsencrypt/live/ws1.xxxx.net/cert.pem \
   --key=/etc/letsencrypt/live/ws1.xxx.net/privkey.pem \
   \
   --ssl-target \
   --cafile=${CAFILE} \
   --ssl-ciphers='HIGH:!aNULL' \
   \
   ${host}:${tls_port}

There is 1 answer

Pascal DeMilly

Got it working. Needed to force the ssl-version to what I needed, in this case tlsv1_2.
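A way to check, outside websockify, that the CA file, subject string and cipher list from the question produce a verified TLS 1.2 connection to the target. This is an added example, not code from the post or from the websockify project, and it says nothing about how websockify itself applies these options. The function names and the `O=...,CN=...` form of the subject string are assumptions.

```python
import socket
import ssl

# RFC 4514 short names -> the long names ssl.getpeercert() reports (subset).
SHORT = {"CN": "commonName", "O": "organizationName", "OU": "organizationalUnitName",
         "C": "countryName", "L": "localityName", "ST": "stateOrProvinceName"}

def build_target_context(cafile=None, ciphers="HIGH:!aNULL"):
    """Client context pinned to TLS 1.2 that trusts only the supplied CA file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verify_mode is CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)
    ctx.check_hostname = False  # identity is checked against the subject string below
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx

def parse_subject(subject):
    """'O=Example Org,CN=host1' -> {'organizationName': ..., 'commonName': ...}.
    Simplified: does not handle escaped commas inside values."""
    fields = {}
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        fields[SHORT.get(key.strip().upper(), key.strip())] = value.strip()
    return fields

def subject_matches(peercert, expected_subject):
    """Compare the verified peer certificate's subject with the expected string."""
    actual = {k: v for rdn in peercert.get("subject", ()) for k, v in rdn}
    return actual == parse_subject(expected_subject)

def check_target(host, port, cafile, expected_subject, ciphers="HIGH:!aNULL"):
    """Connect to the target and return (protocol, cipher) if it verifies."""
    ctx = build_target_context(cafile, ciphers)
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw) as tls:  # handshake fails if the chain does not verify
            if not subject_matches(tls.getpeercert(), expected_subject):
                raise ssl.SSLCertVerificationError("peer subject does not match")
            return tls.version(), tls.cipher()[0]
```

Calling `check_target(host, tls_port, cafile, subject)` with the values the server hands out returns the negotiated protocol and cipher, or raises if the chain, protocol version, cipher list or subject does not match.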