[Nfd-dev] Secure websocket support in NFD?

[Alex Afanasyev]

I think besides the basic support from the library, the actual problem with TLS is necessity to get actual CA-issued certificate and then configure it.
I would suggest not having such support (at least not in the near future).

Things can get relative simple if we integrated with Alex Halderman's https://letsencrypt.org/ <https://letsencrypt.org/> here, but it still will only apply to NFD’s that has domain names (e.g., some gateway nodes).

—
Alex

> On Jan 23, 2015, at 12:21 PM, Wentao Shang <wentaoshang at gmail.com> wrote:
> 
> Hi Jeff T,
> 
> The WebSocket library we are using in NFD is 'websocketpp'
> 
> http://www.zaphoyd.com/websocketpp <http://www.zaphoyd.com/websocketpp>
> 
> It supports WebSocket over TLS but we haven't added that to NFD yet. If there is consensus that this will be useful, we can add wss support in the next release of NFD (the only issue is to pick a port number for wss server).
> 
> Best,
> Wentao
> 
> On Fri Jan 23 2015 at 10:53:50 AM Thompson, Jeff <jefft0 at remap.ucla.edu <mailto:jefft0 at remap.ucla.edu>> wrote:
> Hello NFD team,
> 
> If a web page is served over https, and the JavaScript in the web page wants to make a WebSocket connection, then this connection must be over secure WebSocket over TLS (wss). This means that if a web page servered over https needs to communicate with an NFD host, then the WebSocket proxy in NFD needs to support secure WebSocket.
> 
> Does the WebSocket library used by NFD support secure TLS connections (wss)?
> 
> Thanks,
> - Jeff T

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150123/2ab87579/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150123/2ab87579/attachment.bin>