search

statianzo / Fleck

C# Websocket Implementation
MIT License
2.25k stars 583 forks source link

WSS-Connection failing when running WebServer inside Docker-Container #313

Closed Elias-Ebi closed 3 years ago

Elias-Ebi commented 3 years ago

Hello, im currently writing a simple WebServer using Fleck and i enabled Secure Websockets like this:

_server = new WebSocketServer("wss://0.0.0.0:" + "8181");
_server.Certificate = new X509Certificate2("selfSigned.pfx", "somePassword");

Which works fine when running it directly on my Windows 10 local machine. Then i tried running it inside a Docker container, first without using secure websocket, where it also worked just fine. But as soon as i use the setup specified above inside the docker-container, the connection fails:

[Warn] Failed to Authenticate System.AggregateException: One or more errors occurred. (Authentication failed, see inner exception.)
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:141FC0B5:SSL routines:tls_setup_handshake:no ciphers available
   --- End of inner exception stack trace ---
   at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)
   at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)
   --- End of inner exception stack trace ---
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Threading.Tasks.TaskToApm.End(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
   --- End of inner exception stack trace ---

Here is also the Dockerfile i used:

FROM mcr.microsoft.com/dotnet/sdk:5.0-alpine
WORKDIR /app
EXPOSE 80
EXPOSE 8181
COPY ServerLogic/ ./
RUN dotnet publish ./ServerLogic.sln -c Release -o build --self-contained=false
ENTRYPOINT ["dotnet", "./build/ServerLogic.dll"]

Did someone have a similar issue in the past, or knows why this happens, and can help me? Thank you in advance!

AdrianBathurst commented 3 years ago

We're running in docker, but not with ssl as the load balancer is offloading the ssl connection, so can't help much.

statianzo commented 3 years ago

Try setting _server.EnabledSslProtocols = SslProtocols.Tls12 before starting the server.

Elias-Ebi commented 3 years ago

Thanks, I tried that, but unfortunately still the same error.

i542873057 commented 3 years ago

I resolved when i try setting Server.EnabledSslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11;

Elias-Ebi commented 3 years ago

It turned out that the problem was with the client I was using. After that was fixed, the solution with System.Security.Authentication.SslProtocols.Tls12 worked as well. Many thanks for the help!