WebSocket connections fail with SSL Visibility (SSLV) offloading
Article ID: 251195
Updated On:
Products
ProxySG Software - SGOS
SSL Visibility Appliance Software
Issue/Introduction
WebSocket connections fail when proxied in an SSLV offloading environment.
This issue can be identified by the following,
- the WebSocket HTTP upgrade/downgrade (101 switching protocols) is successful
- a failure occurs once switching to a WebSocket tunnel
- the browser developer tools displays an error such as One or more reserved bits are on: reserved1 = 0, reserved2 = 0, reserved3 = 1 under the web socket connection's Messages tab
Cause
WebSocket connections must be decrypted on both the client and server-side connections or cut through on both sides in an SSLV offloading configuration.
SGOS does not support mixing plain/encrypted connections once the HTTP proxy hands the transaction off for WebSocket tunneling.
Resolution
On the SSLV configuration, ensure both the client side (client machine to ProxySG) and server side (ProxySG to the Internet) are handled the same, either both SSLV offloaded or both cut through.
Feedback
Yes
No
Powered by
