[winswitch] HTML5 client with secure websockets

Antoine Martin antoine at nagafix.co.uk
Fri Sep 9 12:41:46 BST 2016


>> And second question :
>> If a firewall on the client side is stopping the ssl traffic to the
> server, would it obviously block the secure websocket traffic to same
> server as well?
> That sounds likely.
> How does your firewall decide to block this traffic?
> Layer-7 filtering doesn't really work for SSL traffic, only for the
> initial certificate exchange which is plain text.
> And if it is just based on port numbers, why would it care what sort of
> traffic flows on that port?
> 
> First ssl handshake message from client successfully goes to the server as I can see connection request in the xpra server logs.But client never gets the message back from server. Seems like firewall decides to block this.
I think you're just hitting this bug which is already fixed in trunk:
http://xpra.org/trac/ticket/1213
Do you get the same problem with the python client in SSL mode or just
the html5 client over https?

> I set up xpra server on port 443 for testing this.
> If I setup a https server on port 443 ... that is not blocked by firewall.Any idea what is going on?
Make sure you're running the very latest code for SSL support.
You should run the server with "-d network" or even "-d all" to get some
debugging information.

> Or anyway to avoid getting ssl blocked?
Assuming that is the case, consult with your firewall vendor?

Cheers
Antoine




More information about the shifter-users mailing list