On 02.01.2017 at 13:20, Inquie wrote:

Seems I need to use HTTPS for Firefox security issues with REST.

https://developer.mozilla.org/en-US/docs/Web/Security/Mixedcontent/Howtofixwebsitewithmixed_content

auto settings = new HTTPServerSettings;
settings.bindAddresses = ["::1", "127.0.0.1"];
settings.port = 443;

settings.tlsContext = createTLSContext(
	TLSContextKind.server,
	TLSVersion.tls1_2
);
listenHTTP(settings, router);

gives the error:

Handling of connection failed: Accepting SSL tunnel: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol (336027900)

Of course, it works fine as a normal server.

Changing TLSVersion to ssl3 or any gives

Handling of connection failed: Accepting SSL tunnel: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (336109761)

which I assume means I need a certificate and such? Do we always need a certificate or does tls1_2 create a mock one for us? In the first case, how do I create a certificate and all that so I can get the HTTPS server up and running?

Thanks.

The missing certificate would be my guess for this error, too. No
automatic certificate generation will be done, but the exact behavior
depends on the underlying TLS implementation (OpenSSL in this case). If
the application is just used internally, using a self-signed certificate
might be fine:

 openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj /CN=localhost -nodes

Otherwise, Let's Encrypt is a pretty straightforward
and free way to generate a proper trusted certificate. I'm using
Certbot in standalone mode to generate the certificate, and adding the
fullchain.pem (useCertificateChainFile) and the privkey.pem
(usePrivateKeyFile) to the TLS context is all that has to be done to make
everything work.
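
The server setup from the question with the certificate and key loaded as the reply describes, as an added example that is not part of the original posts. It assumes a vibe.d release that provides `runApplication` and lets the program define `main`; the handler `hello` and the constants `certFile` and `keyFile` are hypothetical names, and the paths point at the output of the `openssl` command above.

```d
import vibe.vibe;
import std.exception : enforce;
import std.file : exists;

// Assumed paths: the cert.pem/key.pem pair written by the openssl command above.
// For a Let's Encrypt certificate, point these at fullchain.pem and privkey.pem.
enum certFile = "cert.pem";
enum keyFile = "key.pem";

// Hypothetical handler, only here so the router has something to serve.
void hello(HTTPServerRequest req, HTTPServerResponse res)
{
	res.writeBody("Hello over TLS\n");
}

void main()
{
	// Stop at startup if either file is missing, instead of finding out
	// from a failed handshake on the first client connection.
	enforce(exists(certFile), "certificate chain not found: " ~ certFile);
	enforce(exists(keyFile), "private key not found: " ~ keyFile);

	auto router = new URLRouter;
	router.get("/", &hello);

	auto settings = new HTTPServerSettings;
	settings.bindAddresses = ["::1", "127.0.0.1"];
	settings.port = 443;

	// Same context as in the question, now with the certificate chain
	// and private key attached before the listener is started.
	settings.tlsContext = createTLSContext(
		TLSContextKind.server,
		TLSVersion.tls1_2
	);
	settings.tlsContext.useCertificateChainFile(certFile);
	settings.tlsContext.usePrivateKeyFile(keyFile);

	listenHTTP(settings, router);
	runApplication();
}
```

The key file produced with `-nodes` is unencrypted, so its file permissions should restrict it to the account the server runs as.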