Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2020/12/16 12:08:11 UTC

[GitHub] [incubator-teaclave-sgx-sdk] celaus edited a comment on issue #291: Encrypted websockets in SGX

celaus edited a comment on issue #291:
URL: https://github.com/apache/incubator-teaclave-sgx-sdk/issues/291#issuecomment-746189534


   Hi! Thank you for looking into this. 
   
   
   So your command connects OK for me; the server closes the connection because of a lack of other messages, I assume:
   
   ~~~
   $ openssl s_client -connect echo.websocket.org:443 -showcerts
   CONNECTED(00000005)
   depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
   verify return:1
   depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   verify return:1
   depth=0 CN = websocket.org
   verify return:1
   ---
   Certificate chain
   ... 
   
   ---
   No client certificate CA names sent
   ---
   SSL handshake has read 2735 bytes and written 538 bytes
   ---
   New, TLSv1/SSLv3, Cipher is AES128-SHA
   Server public key is 2048 bit
   Secure Renegotiation IS supported
   Compression: NONE
   Expansion: NONE
   No ALPN negotiated
   SSL-Session:
       Protocol  : TLSv1.2
       Cipher    : AES128-SHA
       Session-ID: 5FD9F135D37824CCF498B252867CBC59E26872F08961B5EB2E12A36065AC5E9F
       Session-ID-ctx:
       Master-Key: FC17A81B8B422F29CB4CA0CA34F5EA84C15A051F5136DEC7AE4765615184FA0F4353813D2F8CD4A1CE4E4071AF6508B9
       Start Time: 1608119990
       Timeout   : 7200 (sec)
       Verify return code: 0 (ok)
   ---
   
   closed
   ~~~
   
   The "closed" appears only after several seconds of doing nothing. A proper websocket client can be found on www.websocket.org (with Chrome or another new browser with websocket support), and then it keeps the connection open.
   
   ![image](https://user-images.githubusercontent.com/713346/102346603-66ae9700-3f9f-11eb-911d-b9609da16861.png)
   
   The payload connects just fine without encryption too, so I don't think that should be the issue (for that, use the socket as a TCP stream as-is and connect on port 80).
   

