Implement SSL/wss across all clients

[black-sliver]

What task needs to be completed?

The server can currently run either in SSL (wss) or plain (ws) mode. Clients will most likely have to support both for cases where a locally-hosted MultiServer can't have a valid certificate but archipelago.gg requires SSL.

Implementation

The client/client libs should try both SSL (wss://...) and plain (ws://...) when being supplied just server:port.

In addition to that, where possible, it would be good to allow the user to explicitly select ws or wss by having them enter a full URL (i.e. /connect ws://... vs. /connect wss://...).

Testing

While there is no RC/beta active, http://archipelago:gg:24242 will spin up games in SSL-enabled mode.

There is also an SSL-enabled test room hosted on wss://archipelago.gg:12121

The RC/beta site http://archipelago:gg:24242 will spin up games in SSL-enabled mode. Oct 2, 2023, the main site should switch to SSL as well.

Future client information

Now that all existing clients and libs support SSL, all future clients should be able to do SSL before being merged/released. Some may not be able to do that out of the box. Below are ways to work around issues.

Helper libs

• c-wspp-websocket-sharp - fake websocket-sharp.dll for Archipelago.MultiClient.Net that uses a native WebSocket with OpenSSL support under the hood. Test build in Discord. Now with Automated Builds.

WSS proxies

• Phar's archipelago_wss_proxy

Progress of client libs

If you know if a lib already works mark as done or leave a comment.

• [x] apclientpp: https://github.com/black-sliver/apclientpp/commit/034589499fcac743eb9af7bb2fc5d3d879321153 - requires update wswrap on Desktop
• [x] APCpp
• [x] archipelago.js
• [x] Archipelago.MultiClient.Java
• [x] Archipelago.MultiClient.Net - auto-select since v5.0.0
• [x] ArchipelagoRS - implemented in https://github.com/ryanisaacg/archipelago_rs/commit/da97d068c289d5aec898d61abad05d7c361632f1
• [x] hxArchipelago
• [x] lua-apclientpp
• [x] py: #1341
• [x] various lua libs? People that were asked said theirs work.

Progress of game clients

Insert games here that are known to not work or need to update the client lib to work. If you know one works already, mark as done or leave a comment.

• [x] Meritous
• [x] DS3
• [x] Witness
• [x] HK
• [x] Subnautica: does ws:// <-> wss:// in the mod
• [x] SA2B
• [x] SM64ex
• [x] Rogue Legacy (needs Pre-release 1.0.0 Alpha 4 or newer)
• [x] VVVVVV
• [x] Minecraft
• [x] DLC Quest
• [x] Stardew Valley
• [x] StS
• [x] Overcooked 2
• [x] Messenger
• [x] Hylics 2
• [x] Blasphemous
• [x] Bumper Stickers
• [x] DOOM 1993
• [x] Muse Dash
• [x] Noita
• [x] Terraria

Unsupported clients

• [x] AHiT uses phar's proxy

[Berserker66]

Subnautica works with recent versions if the user submits the full wss url. No automatic detection, hoping that will happen on the library layer.

[Jarno458]

its on my TODO list to add automatic wss if the user does not supply a protocol to the .net lib. currently thats not at all implemented and it just uses ws:// if no protocol is supplied

however specificly providing an wss:// uri does work with the .net lib

[ThePhar]

archipelago.js has been updated to support wss://

EDIT: Just saw this is intending for the selection to be automatic. It's still a manual process, but I can attempt to make it auto in the next version of archipelago.js

[N00byKing]

APCpp now supports automatic SSL. I haven't updated the games yet, currently not home.

EDIT: I've updated APCpp for V6. I'll wait before updating sm64ex in order to get potential bug reports for APCpp as V6 provides a more consistent installation

[ThePhar]

archipelago.js 0.6.0 will support automatic SSL. Clique has been updated to use it. Will be pushing it to npm later this weekend.

[heinermann]

Timespinner also only works if you enter wss:// yourself in the server field.

Noita (new game) will try connecting with wss:// and fall back to ws:// if it fails.

[agilbert1412]

Stardew Valley: Seems to work only if the user inputs wss:// manually. Not ideal, but usable DLCQuest: Does not work at all, regardless of how the user tries it. Will need to touch base with Jarno on Multiclient.Net

EDIT: Jarno release a new beta of Multiclient.Net that allows DLCQuest to behave like other .net games. The user can input wss:// manually.

[KonoTyran]

Archipelago.multiclient.java does support wss, if the game/user gives a protocol, it will use only that protocol, if none is given, then it will try wss, and then ws in that order.

[kindasneaki]

Hollow Knight just needs to update the .net multiclient lib and it will be able to support it. I dont know who would be able to do that. I dont know if it would be worth it for HK to just wait until jarno updates the lib to support automatic SSL.

[kindasneaki]

I Should also add the RoR2 needs manual wss://

[Jarno458]

https://github.com/ArchipelagoMW/Archipelago.MultiClient.Net v5.0.0 will now try to connect over wss when no protocol is specified, if that fails it tries to connect over ws instead. so i guess clients need to be updated, but i dont have a clear vision on what games use it nowdays

[Jarno458]

Timespniner was updated BK_Sudoku was updated

The Messenger was attempted but fail to implement this

[N00byKing]

As no issues with SSL in V6 were reported, I've now also updated sm64 to utilize the new APCpp version

[Jarno458]

Simular to The Messenger, Hylics also does not work on wss

[Berserker66]

Subnautica has a stable version out that switches ws/wss in mod and a testing version in the discord channel that relies on the library instead. I tested both versions in regards to this functionality.

[ScipioWright]

Stardew and DLCQuest were updated and no longer needs the user to input wss:// Overcooked 2 requires the user to input wss:// The Witness was updated to work There's some sort of modified multiclient that makes Hollow Knight work, I'm iffy on the details. It should be in the Hollow Knight discord chat somewhere. SA2B works with a pre-release version. SM64 works with a newer version just like with V6, like N00by said.

[PoryGone]

SA2B can be checked off as of the next release.

[BadMagic100]

As implied by the linked issue above - HK can be checked off as of next release

[kindasneaki]

Muse Dash works with wss

[FelicitusNeko]

hxArchipelago (and thus Bumper Stickers) confirmed working with WSS. Will downgrade automatically but not upgrade. Shouldn't be too much trouble getting it working in both directions.

Edit: Should also attempt to upgrade now. Also running into a weird issue where debug builds don't connect to WSS, but final builds are fine. This issue should be invisible to end users.

[Marechal-L]

The current build of DS3 works with wss:// ( Already checked on this list anyway )

[Seldom-SE]

It works for Terraria

[black-sliver]

@alwaysintreble @TRPG0 the fake websocket-sharp now has a "final" build (linked above). Let me know when you tested it and released a mod update, so we can check it off the list.

@KonoTyran any update on the minecraft mod release?

[alwaysintreble]

The Messenger now supports SSL https://github.com/alwaysintreble/TheMessengerRandomizerModAP/releases/tag/v0.11.8

[TRPG0]

Hylics 2 has been updated https://github.com/TRPG0/ArchipelagoHylics2/releases/tag/1.0.6

[BrandenEK]

Blasphemous has been updated

[KonoTyran]

WSS Compatible Minecraft client has been promoted from beta to release.