cWS issue with SSL

[zubairfazal]

Hi

I run a game, before I used to use uWS, but wanted to upgrade to the latest node version so switched to cWS, I had no issues, however when I turned SSL on in my gameserver, I started getting issues, whereas in the old uws I had no issues.

I got some SSL Protocol Error
https://prnt.sc/pkzsqv

Doesnt happen all the time, but sometimes players were unable to connect to my game cos of the error, and would have to either refresh many times to be able to play, or wait for the server to keep retrying connection until player connected.

Because of this issues, I am not able to use SSL within cWS, instead I have had to use an nginx reverse proxy (which works fine)

Im just curious if there is a fix for the SSL inside cWS. This issue never happened to me on the old uws

[zubairfazal]

Sorry by old uws I meant

"uws": "10.148.1"

[goriunov]

@zubairfazal yes ssl has some problems in cWS and few latest node versions (however it works correctly in the node versions which are supported by old uws). I dont think that SSL issue is going to get fixed completely. As a work around at this stage would be to use something like nginx in front with ssl.

[zubairfazal]

@zubairfazal yes ssl has some problems in cWS and few latest node versions (however it works correctly in the node versions which are supported by old uws). I dont think that SSL issue is going to get fixed completely. As a work around at this stage would be to use something like nginx in front with ssl.

Oh so your saying if I use cWS with node 8.1.4 it will work fine? (Its what I used for uws)

[goriunov]

@zubairfazal After some thoughts from release 0.17 SSL Support has been removed for Node.js 10+ you can use proxy like nginx to set up secure connections. Unfortunately there is no simple way to make it work at the moment i will re review this issue later.

[arpu]

this is not a solution for me :/ because nginx to websocket server is not secure

[PlainBane]

You could use Traefik in place of nginx.

[zubairfazal]

You could use Traefik in place of nginx.

is it better?

[PlainBane]

is it better?

It supports websockets and auto Let's encrypt renewal. It's a load balancer and a proxy and handles SSL/TLS. I don't know what do you need exactly. But it's an alternative to nginx, but it's not a webserver.

[goriunov]

New version has been released (1.3.0) with SSL support for node 8+. Node 12 and 13 also working except latest 13.9.0 (it has some outstanding issue, use 13.8.x instead). Check out Secure WebSocket section in README as it requires to pass secureProtocol to https to work correctly.

[zubairfazal]

New version has been released (1.3.0) with SSL support for node 8+. Node 12 and 13 also working except latest 13.9.0 (it has some outstanding issue, use 13.8.x instead). Check out Secure WebSocket section in README as it requires to pass secureProtocol to https to work correctly.

This looks very promising. I will test it this week

[goriunov]

@zubairfazal let me know how it goes :)

[goriunov]

New release 1.3.1 removes secureProtocol from required option. Now creating wss server is pretty much the same as everywhere else. Only outstanding issue is Node 13.9, looks like internal node js problem, hopefully on next release 13.x it will be fixed till that use 13.8.x :)

[Mistik]

New release 1.3.1 removes secureProtocol from required option. Now creating wss server is pretty much the same as everywhere else. Only outstanding issue is Node 13.9, looks like internal node js problem, hopefully on next release 13.x it will be fixed till that use 13.8.x :)

I updated to the 1.3.1 version. Was there some API changes from previous versions?

Suddenly my application got this error

Error: Can not set listener for 'message' event twice
at WebSocket.on (/root/saov2/node_modules/@clusterws/cws/dist/client.js:62:19)
at CwsServer.onAuthorisedSocketConnect (/root/saov2/build/network/CwsServer.js:86:16)
at Object.message (/root/saov2/build/network/CwsServer.js:67:26)
at /root/saov2/node_modules/@clusterws/cws/dist/shared.js:48:46

[Mistik]

New release 1.3.1 removes secureProtocol from required option. Now creating wss server is pretty much the same as everywhere else. Only outstanding issue is Node 13.9, looks like internal node js problem, hopefully on next release 13.x it will be fixed till that use 13.8.x :)

Switched to Node 13.8.0 and using version 1.3.1

Was using it for my game, however the issue still persists still am getting these error messages
failed: Error during WebSocket handshake: net::ERR_SSL_PROTOCOL_ERROR

You can test the issue here

https://senpa.io/web

Check Asia, as only my asia servers are using the latest version, as I was testing the fix

[goriunov]

@MistikSenpa from around version 1+ there is the change in the way listeners set, it informs with and error when you try to set the same event listener twice. Previous behaviour was to replace currently existing listener with new one (i was planning to downgrade that error to warning instead in the next release).

Have just checked Asian server and looks like that issue does not happen always and can still correctly reconnect most of the time... Would you mind providing more information where do you run your serve, what system, and what certs do you use.

I will do more investigation and try to reproduce on my local....

[Mistik]

@MistikSenpa from around version 1+ there is the change in the way listeners set, it informs with and error when you try to set the same event listener twice. Previous behaviour was to replace currently existing listener with new one (i was planning to downgrade that error to warning instead in the next release).

Have just checked Asian server and looks like that issue does not happen always and can still correctly reconnect most of the time... Would you mind providing more information where do you run your serve, what system, and what certs do you use.

I will do more investigation and try to reproduce on my local....

I run my game servers on OVH VPS.

I use Ubuntu 18.

I use a LetsEncrypt cert (please note I don’t have any of these issues when I use Nginx reverse proxy instead for wss, only when using ssl directly in nodejs. My game uses a binary based protocol also)

[goriunov]

@MistikSenpa thank you for more information. I was wondering if you could set secureProtocol option on https configs to TLSv1_2_method and see if issues still persists.

Example:

const options = {
  key: readFileSync('./tests/certs/key.pem'),
  cert: readFileSync('./tests/certs/certificate.pem'),
  secureProtocol: 'TLSv1_2_method'
};

[Mistik]

Hi

I added it to my code and now

@MistikSenpa thank you for more information. I was wondering if you could set secureProtocol option on https configs to TLSv1_2_method and see if issues still persists.

Example:

const options = {
  key: readFileSync('./tests/certs/key.pem'),
  cert: readFileSync('./tests/certs/certificate.pem'),
  secureProtocol: 'TLSv1_2_method'
};

I added it to my code and have deployed it on Asia servers on https://senpa.io/web

So far issue hasnt occured for me, maybe check yourself also and see if it happens?

[goriunov]

@MistikSenpa i have tried on multiple browsers Google Chrome, Firefox, Brave. Could not see that issues any more... I am going to release version 1.4.0 in sometime to downgrade multiple listeners error to warning and change docs to mention secureProtocol option for wss.

[Mistik]

@MistikSenpa i have tried on multiple browsers Google Chrome, Firefox, Brave. Could not see that issues any more... I am going to release version 1.4.0 in sometime to downgrade multiple listeners error to warning and change docs to mention secureProtocol option for wss.

Thanks for much for fixing the issues :D

[goriunov]

New version 1.4.0 has been released. Secure WebSocket docs have been updated to mention secureProtocol again. Going to pin and close this issue.

[goriunov]

Node 13.9+ ssl issue has been resolved from version 1.5.0