[winswitch] XPRA on TLS/SSL

Mukul Agrawal mukulagrawal78 at yahoo.com
Mon Jan 2 19:39:36 GMT 2017


OK, I tried something slightly different. I removed the "ssl=https" (seems like I was not reading the wiki on https://xpra.org/trac/ticket/1213 correctly).
Here is what I did :-
xpra start :17 --bind-tcp=0.0.0.0:3001 --ssl=on --ssl-cert=./fullchain.pem --ssl-key=./privkey.pem --start=xclock
=>  Simply hit the https://hostname.com. Web-browser says Secure Connection Failed. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.=> XPRA log is showing:- Error: error in network packet reading/parsing^[[0m ^[[31m2017-01-02 19:11:15,446 invalid_header() takes exactly 3 arguments (4 given) Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/xpra/net/protocol.py", line 682, in _read_parse_thread_loop self.do_read_parse_thread_loop() File "/usr/lib/python2.7/dist-packages/xpra/net/protocol.py", line 725, in do_read_parse_thread_loop=> openssl s_client -connect host:443 -- this is showing ssl is connect and is working fine
Any idea why browser is not connecting? Do I need to provide some parameters on the address line on the browser?


 Regards, 
Mukul 
 

    On Monday, January 2, 2017 5:20 PM, Mukul Agrawal via shifter-users <shifter-users at lists.devloop.org.uk> wrote:
 

 I got a commercial SSL certificate installed on my ubuntu xenial machine.I tested the setup using a simple "Hello World" python https server. Everything is woorking good. I can hit the index page using https from anywhere from outside world.Also checked with "openssl s_client -connect" and it confiorms that certificate is using used properly.
Now I started the xpra server following instructions here -
Encryption/SSL – Xpra

  
|  
|  
|  
|  |    |

  |

  |
|  
|  |  
Encryption/SSL – Xpra
 xpra - screen for X  |  |

  |

  |

 

Used following command :-
xpra start :17 --start=xclock --bind-tcp=0.0.0.0:3001 --ssl=on --ssl-cert=/path/to/fullchain.pem --ssl-key=/
path/to/privatekey.pem ssl=https

Now if I hit the webaddress from webbrowser with https, I get following error on browser ;-
SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

"openssl s_client -connect" is showing "connected" but giving an error  140770FC:SSL rountines:SSL23_GET_SERVER_HELLO:unknown_protocol:s23_clnt.c:794:

XPRA server logs are showing "invalid packet header, SSL packet?"

Any idea what is going on?I am doing iptable routing from 443 to 3001. This works just fine with the above mentioned "Hello World" python https server. It seems to me there is some problem with websockify's webserver is trying to attach certificates to wrong port or network interface. Any advice on how to debug this?

 Regards, 
Mukul 



 

  
_______________________________________________
shifter-users mailing list
shifter-users at lists.devloop.org.uk
http://lists.devloop.org.uk/mailman/listinfo/shifter-users


   


More information about the shifter-users mailing list