TWebSocketClient and SSL

When I use a server without an SSL certificate the communication works correctly.
When I install the certificates, it is not possible to establish communication.
Can you help me how to set up an SSL connection on the client side.


TWebSocketClient is mapping onto the browsers' WebSocket API. There's not much you need to do if it was working previously other than perhaps enabling the UseSSL property to force the connection to be created through wss even on localhost. Make sure the port is also correct if you changed it for SSL. By default this component uses ws (unsecure) connection from HTTP, and wss (secure) from HTTPS. However it's also possible to use wss from HTTP, that is why we have the UseSSL property.

What is the error you get when trying to connect? If you cannot connect through wss despite having the properties (server, port, path, etc...) set the same way as before then it's most likely your server is not configured properly.

Thanks for the reply.

I'm trying to find the correct way to do it.
I adapted the example to work on linux with Indy.
For websocketserver I used an example ...Demos/FNC/Chat/WEBLib.WebSocketServer.pas
To make it work on debian 10 i had to use OpenSSL
I made certificates so that the server would work properly, so that it could read the library and certificates.

Now I'm interested in what I need to do on the web server, which client loads.
Loading works, if I don't have an IOHandler built

FServerIOHandler: TIdServerIOHandlerSSLOpenSSL; it has been replaced by TIdOpenSSLIOHandlerServer
from OpenSSL
my OpenSSL 1.1.1n

When I import the certificate into the explorer, it connects to the server and then immediately disconnects.
(the connect and disconnect event is activated)
when I created the key I used a password, does it need to be entered somewhere?

Unfortunately we have no experience with Debian + Lazarus + Indy especially when combined with the ongoing newer OpenSSL implementation.

The best you can do is try to get Indy working first with SSL in a separate application. Once you can connect to that Indy server (via HTTPS for example), then you can try to go back to the WebSocketServer demo and try to apply the same changes you made in your test project.

On a side note, if you are working with self-signed certificates you might need to accept the certificate from the browser first (such as visiting the server from HTTPS) before being able to make a WSS connection.

I went back to openssl v 1.0.2, i did the certs.
if WebSocketClient1.UseSSL := false
the connection is established and everything works properly

if WebSocketClient1.UseSSL := true
The connection is established and they are immediately disconnected

In this case there is no need to install the certificate, everything will work, so I don't have a secure connection.

Can I get an example of a secure connection that works on delphi, server side and client side

For client side, as I mentioned the browser will handle automatically everything for you, you only need to make sure to force the connection to wss. For that you need to set the UseSSL property to True.

For server side, the demo is already there. In theory you only need to extend it for SSL:

procedure TChatService.ServiceStart(Sender: TService; var Started: Boolean);
  if Assigned(FTCPServer) then

  FTCPServer := TTMSWebSocketServer.Create(Self);
  FTCPServer.OnMessageReceived := MessageReceived;
  FTCPServer.CertificatePath := 'your_PEM_cert_path'; //added
  FTCPServer.UseSSL := True; //added
  FTCPServer.Active := True;

  Started := True;

Other than that, you'll need to make sure to have the correct certificates and they are accepted by the browser. The default port is 8888 in the demo, you can change that by assigning another port to the FTCPServer.Port property.

Thank you Tünde Keller,
with openssl v1.0.2 and WebSocketClient1.UseSSL := true work!