yrift / jwebsocket

Automatically exported from code.google.com/p/jwebsocket
0 stars 0 forks source link

No client-to-server masking #174

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a client websocket, and connect to a server (tomcat 7.0.27 is what 
I'm using)
2. Send a message from the client, use wireshark to sniff traffic.
3. View that message sent from client is in clear text.

What is the expected output? What do you see instead?
Expected to see client data masked per 
http://tools.ietf.org/html/rfc6455#section-5.3
Tomcat 7.0.27 correctly closes the connection with 1002 status error.

What version of the product are you using? On what operating system?
Version 1.06b on Android 2.3.4 with Tomcat 7.0.27 running on Ubuntu Linux 
10.10. Issue #146 states that 1.06b supports the RFC 6455.

Please provide any additional information below.
Sample code for client 

WebSocketClient webClient = new BaseWebSocketClient();
webClient.addListener(new MyWebSocketClientListener());
webClient.open("ws://192.168.1.1:8080/websocket");
webClient.send("sample message, this is going to server, so it should be 
masked".getBytes("UTF-8"));

Thanks!

Original issue reported on code.google.com by jamesce...@gmail.com on 20 Apr 2012 at 6:49

GoogleCodeExporter commented 9 years ago
Same here with Jetty 8.1.5.x (+Atmosphere 1.0.0.beta3) :(

Original comment by law...@gmail.com on 21 Jul 2012 at 3:48

GoogleCodeExporter commented 9 years ago
is there a work-around for this? as mentioned above, jetty will not work with 
an unmasking client

Original comment by gmessa...@gmail.com on 12 Aug 2012 at 11:31