TLS 1.3 not supported - Githubissues

vi / websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions

MIT License

6.73k stars 259 forks source link

Open hellow554 opened 2 years ago

hellow554 commented 2 years ago

I'm under Windows 11, installed websocat via

cargo install websocat --features ssl

My nginx server is configured to only accept TLSv1.3 connections via

ssl_protocols TLSv1.3;

it seems that websocat is not able to connect to it and errors out with:

websocat: WebSocket SSL error: Das Format der empfangenen Nachricht war unerwartet oder fehlerhaft. (os error -2146893018)
websocat: error running

which translates roughly to:

websocat: WebSocket SSL error: The format of the received data is unexpected or erroneous. (os error -2146893018)

If I add TLSv1.2 to the nginx config as well, it works.

vi commented 2 years ago

https://badssl.com/ seems lacks TLSv1.3-only subdomain. Is there alternative endpoint to test connectivity with TLSv1.3-only servers?

On Windows, websocat is supposed to use system crypto libraries. Can Windows itself connect to TLSv1.3?

Maybe it can be possible to build Websocat for Windows with integrated OpenSSL instead of relying on Windows libraries.

hellow554 commented 2 years ago

According to this page you can use

openssl s_client -tls1_3 -connect tls13.cloudflare.com:443

you could setup your own nginx with a dummy certificate ;)

vi commented 2 years ago

openssl s_client -tls1_2 -connect tls13.cloudflare.com:443 works as well.

vi commented 2 years ago

Note that use can try workaround method of using TLS in Websocat, outsourcing it to external program.

Does that work on Windows?

hellow554 commented 2 years ago

Testing that on Monday