uWebSockets (C++): secure wss server

Question

I am using uWebSockets in C++ to host a WebSocket server. However, I need it to be a secure wss server instead of simply a ws server.

I have tried this code:

uS::TLS::Context tls = uS::TLS::createContext ("./cert.perm", "./key.perm", "passphrase");

if (h.listen (9002, tls)) {
    cout << "Game server listening on port 9002" << endl;
    h.run();
}

I am using this shell command to generate the certificate and key:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 30

I then tried connecting to my remote server using wss://address instead of the usual ws://address, however, it cannot connect.

Any ideas why? Thanks

UPDATE #1

The tls variable seems to be actually NULL, so it looks like the certificate part isn't working.

UPDATE #2

I got the file extensions wrong in the code, they're meant to be pem instead of perm. However, the server will now not establish a connection on both wss and ws.

UPDATE #3

After fixing the issue mentioned above, the tls variable is now 1 instead of 0 (which I assumed was NULL).

Answer 1

If you are using a web browser ws-client to connect to wss://address, try checking if the browser is the problem. It happened to me that I had created my own certificates, but the browser blocks the connection as they are not certified by any CA. Enter in your browser something like: "https://address", and add a security exception for your "address".

Answer 2

I know you can use uWebSockets for SSL/TLS, however... I would consider separating the TLS/SSL concern from the main application.

Separating the TLS/SSL layer from the app allows you to update the TLS/SSL without recompiling the application as well as simplifies the codebase.

I would recommend using a TLS/SSL proxy or tunnel while having the app bind locally to the loopback address or to a unix socket.