Use flash.net.SecureSocket instead of com.hurlant.crypto.tls.TLSSocket

[luciferous]

For easy reference: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/SecureSocket.html.

Known issue with Linux: http://forums.adobe.com/message/3565880?tstart=0.

[gimite]

What's advantage using SecureSocket?

[kanaka]

It sounds like something worthwhile in the long-run, but the Linux issue is a problem.

Also, I note on the page that SecureSocket doesn't allow overriding self-signed certs easily which would be a major impediment for development. It's unclear to me from the description if a self-signed cert that is accepted manually by the browser would also be accepted by SecureSocket (which is how native WebSockets work in firefox). And it might differ between browsers how the trust chain works for SecureSocket.

So I would personally be cautious of switching until SecureSocket is proven out on multiple browsers and OS platforms.

Although, since I am the one who added the as3crypto support I could be biased. ;-)

[luciferous]

I'm interested in maintaining a branch with SecureSocket. Hopefully it matures to acquire feature-parity with as3crypto.

@gimite The advantage of using something native to Flash is eliminating the need to rely on a 3rd party dependency.

[mloughran]

Would this also reduce the swf file size? I seem to remember it got a lot bigger when the wss support was added. Would be a big win :)

[gimite]

If the advantage is just that it's standard library and it possibly reduces SWF file size, but it has some issues such as one in Linux, then I will not switch to SecureSocket for now. 172KB wouldn't be much issue with network/devices recently...

[luciferous]

@gimite Would you be open to host a SecureSocket branch?

[gimite]

I don't plan to do that myself for now. It's open source, so anyone who want can do it.

[ghost]

I think hurlant feels safer.

[gimite]

Related note: #122 reported that SSL communicatoin fails with current implementation in some environment and the issue doesn't happen with SecureSocket.

[leefj]

i use Netty and SecureSocket in my App. it works on iOS ,but not work on android . on android the SecureSocket.serverCertificateStatus value is invalid . does any body know how to solve this problem? and shat "user-permission" should config ?