WebSocket Secure (wss) Server in vb6.

[Maatooh]

I need to create a server written in vb6 for secure websocket (https), I can create only for http websocket.
But I don't know about the secure encryption protocol that the "wss" version has, so I'm interested in how to implement it.

Can someone guide me?

[wqweto]

Can someone guide me?

A few pointers:

1. Search for "vb6 for secure websocket https" in google
2. In top 5 results there is this github project: VbAsyncSocket

cheers,
</wqw>

[dz32]

i had to interact with a secure websocket for one project I ended up doing it in GO because the code was
readily available. I looked into maybe creating a GO dll and making this available to VB6 but it did not seem like
go has great interoperability. I also found a huge c++ library that supported it but it wasnt worth messing with.

im not 100% but I think the websocket standard is more than just a https enabled connection?

[Maatooh]

A few pointers:

1. Search for "vb6 for secure websocket https" in google
2. In top 5 results there is this github project: VbAsyncSocket

cheers,
</wqw>

Very interesting and useful code to write in https. but I couldn't adapt it to work on https websocket secure (wss) there is a connection request, but it doesn't trigger data arrival event in TLS protocol and it only reaches encrypted TCP.

Could you try adapting it with a practical example ?, since it seems that you understand the subject better. I'm desperate haha, thank you!

[Maatooh]

I extracted the encrypted characters that I receive from the wss client and transformed them to hexadecimal, they are as follows.

In ascii it is unreadable.

Attachment 179000

"16 03 01 02 00 01 00 01 FC 03 03 47 C1 86 27 31 6D 86 67 6B E3 ED 9E B6 9D F8 B4 4B E6 5E 3C DC DE 3A BD 76 B8 FB F8 86 A3 E5 67 20 C5 A5 54 A3 8A D1 0A 93 9A 92 56 4B 80 E0 B3 7F D8 54 53 F4 6A 0B 26 A0 0E 30 FB 9A 67 88 4B 89 00 20 8A 8A 13 03 13 01 13 02 CC A9 CC A8 C0 2B C0 2F C0 2C C0 30 C0 13 C0 14 00 9C 00 9D 00 2F 00 35 01 00 01 93 DA DA 00 00 00 17 00 00 FF 01 00 01 00 00 0A 00 0A 00 08 DA DA 00 1D 00 17 00 18 00 0B 00 02 01 00 00 23 00 00 00 05 00 05 01 00 00 00 00 00 0D 00 12 00 10 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 00 12 00 00 00 33 00 2B 00 29 DA DA 00 01 00 00 1D 00 20 1F ED 1B 01 FE E1 AA 8B 4E 44 9F 96 1E C9 69 C0 FE 6F 57 BB 1C 03 1B 32 AC 19 2D 54 1B 80 D9 6B 00 2D 00 02 01 01 00 2B 00 0B 0A EA EA 03 04 03 03 03 02 03 01 00 1B 00 03 02 00 02 1A 1A 00 01 00 00 15 00 F7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[dz32]

You are probably going to have to dig through the weeds

https://tools.ietf.org/html/rfc6455

I found this list of websocket libraries, none in VB6 yet. There are some command line
ones which might be of help without having to program in another language.

https://github.com/facundofarias/awesome-websockets

you should also post the client side setup you are using to connect to it.

maybe this

https://github.com/joewalnes/websocketd

[wqweto]

I extracted the encrypted characters that I receive from the wss client and transformed them to hexadecimal, they are as follows.

This is a TLS handshake, the ClientHello message. First byte 0x16 means TLS_CONTENT_TYPE_HANDSHAKE, second and third bytes 0x0301 mean the protocol version which is TLS 1.0, etc. So you need a TLS enabled socket class to "speak" encryption with your clients. Which one do you currently use?

Did you check the sample projects in the VbAsyncSocket repo linked above? There is Project1.vbp in test/secure (and Project2.vbp which is an SSPI/Schannel based alternative) which starts an https server with self-signed certificate or custom PEM encoded one, and accepts client requests on port 10443 which are then dispatched to cRequestHandler class. It uses calls to ReceiveArray method of cTlsSocket class to read already decrypted traffic (not like the hexdump above).

Anyway, the discussion is not going to be very useful unless you post exactly the code that is failing. Hexdumps are not enough. Prepare a sample project/snippet with the WSS/TLS server which is not working as expected.

cheers,
</wqw>

[couttsj]

As wqweto has stated, the Hex dump you provided is a Client Hello, and is not encrypted. Encryption occurs only after the Client and Server Hellos. Below is a breakdown of the information provided. There is some information that I was unable to decipher, particularly the 8A 8A, DA DA, EA EA, etc. All the zeros are optional padding.

Code:

16 03 01 02 00 - Header Unencrypted (len=512) 
01 00 01 FC - Client Hello (len=508)
03 03 - TLS 1.2
47 C1 86 27 31 6D 86 67 6B E3 ED 9E B6 9D F8 B4 - Client Random
4B E6 5E 3C DC DE 3A BD 76 B8 FB F8 86 A3 E5 67 
20 - Session ID (len=32)
C5 A5 54 A3 8A D1 0A 93 9A 92 56 4B 80 E0 B3 7F 
D8 54 53 F4 6A 0B 26 A0 0E 30 FB 9A 67 88 4B 89 
00 20 - Cipher Suites (len=32)
   8A 8A - ????
   13 03 - TLS_CHACHA20_POLY1305_SHA256
   13 01 - TLS_AES_128_GCM_SHA256
   13 02 - TLS_AES_256_GCM_SHA384
   CC A9 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
   CC A8 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
   C0 2B - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   C0 2F - TLS_RSA_WITH_AES_128_CBC_SHA
   C0 2C - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
   C0 30 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
   C0 13 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
   C0 14 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
   00 9C - TLS_RSA_WITH_AES_128_GCM_SHA256
   00 9D - TLS_RSA_WITH_AES_256_GCM_SHA384
   00 2F - TLS_RSA_WITH_AES_128_CBC_SHA
   00 35 - TLS_RSA_WITH_AES_256_CBC_SHA
01 00 - Compression (none)
01 93 - Extension len = 403
DA DA - ????
00 00 - Server Name
   00 17 00 00 
FF 01 - renegotiation_info
   00 01 - (len=1)
      00 - None
00 0A - ECC Curve support
   00 0A - (len=10)
      00 08 - (len=8)
         DA DA - ?????
         00 1D - x25519
         00 17 - secp256r1
         00 18 - secp384r1
00 0B 
   00 02 
      01 00 
00 23 - Session Ticket
   00 00 - (len=0)
00 05 00 05 01 00 
00 00 00 
00 0D - Signature Alg
   00 12 (len=18)
      00 10 (len=16)
         04 03 - ECDSA-SECP256r1-SHA256
         08 04 - RSA-PSS-RSAE-SHA256
         04 01 - RSA-PKCS1-SHA256
         05 03 - ECDSA-SECP384r1-SHA384
         08 05 - RSA-PSS-RSAE-SHA384
         05 01 - RSA-PKCS1-SHA386
         08 06 - RSA-PSS-RSAE-SHA512
         06 01 - RSA-PKCS1-SHA512
00 12 00 00 - ????
00 33 - Key Share
   00 2B - (len=43)
      00 29 - (len=41)
         DA DA 00 01 00 - ????
         00 1D - x25519 Public Key
            00 20 - (len=32)
               1F ED 1B 01 FE E1 AA 8B 4E 44 9F 96 1E C9 69 C0 
               FE 6F 57 BB 1C 03 1B 32 AC 19 2D 54 1B 80 D9 6B 
00 2D - PSK Exchange Modes
   00 02 - (len=2)
      01 - (len=1)
         01 - PSK with (EC)DHE key establishment
00 2B - Supported Versions
   00 0B - (len=11)
      0A - (len=10)
         EA EA - ????
         03 04 - TLS 1.3
         03 03 - TLS 1.2
         03 02 - TLS 1.1 (Depracated)
         03 01 - TLS 1.0 (Depracated)
00 1B 
   00 03 
      02 
      00 02 
1A 1A 00 01 00 00 15 00 
F7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00

J.A. Coutts

[Maatooh]

Thank you very much for your answers, it has helped me understand a lot. Even so, I have not managed to make the wss server in this time, since the project is very extensive. I would like to ask you if you dare to write the project together, I am really beginning to understand tls and I have high hopes of achieving it.

Can you tell me where you would like to start from to access the files.

Thank you!

[couttsj]

Thank you very much for your answers, it has helped me understand a lot. Even so, I have not managed to make the wss server in this time, since the project is very extensive. I would like to ask you if you dare to write the project together, I am really beginning to understand tls and I have high hopes of achieving it.

Can you tell me where you would like to start from to access the files.

Thank you!

I am currently in the process of trying to create a simple secure Web Server, but it is proving to be anything but simple. I will post it in the CodeBank once I get the bugs worked out. I have chosen to use TLS 1.3, because it is my belief that ECC (Elliptical Curve Cryptography) is the way of the future. Most Web Servers now support both TLS 1.2 and TLS 1.3, but supporting both really complicates the process. Only a small part of TLS 1.2 supports ECC, and previous secure protocols (SSL, TLS 1.0, & TLS 1.1) are now deprecated.

You can get a better understanding of TLS 1.3 here:
https://www.vbforums.com/showthread....mulate-TLS-1-3

You can also find a non secure Web Server here:
https://www.vbforums.com/showthread....her-Web-Server

J.A. Coutts