[Libwebsockets] iOS 9 issue

Roger Light roger at atchoo.org
Fri Oct 16 10:59:41 CEST 2015


Hi all,

I'm hoping for some help with a problem I've had reported to me by a
user. When he connects to my program on a TLS socket provided through
libwebsockets using Safari on OS X everything is fine. On iOS 9 using
Safari or the web app it fails with the error:

WebSocket network error: The operation couldn't be completed.
(OSStatus error -9807.)

The log on the server looks like:

insert_wsi_socket_into_fds: wsi=0x1441130, sock=17, fds pos=2
inserted SSL accept into fds, trying SSL_accept
SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
SSL_ERROR_WANT_READ
SSL_accept failed 5 / error:00000005:lib(0):func(0):DH lib
SSL_accept failed skt 17: error:00000005:lib(0):func(0):DH lib
close: just_kill_connection
remove_wsi_socket_from_fds: wsi=0x1441130, sock=17, fds pos=2
not calling back closed
insert_wsi_socket_into_fds: wsi=0x1441130, sock=17, fds pos=2
inserted SSL accept into fds, trying SSL_accept
SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
SSL_ERROR_WANT_READ
SSL_accept failed 2 / error:00000002:lib(0):func(0):system lib
SSL_ERROR_WANT_READ
SSL_accept failed 5 / error:00000005:lib(0):func(0):DH lib
SSL_accept failed skt 17: error:00000005:lib(0):func(0):DH lib
close: just_kill_connection
remove_wsi_socket_from_fds: wsi=0x1441130, sock=17, fds pos=2
not calling back closed

This suggests to me something is failing in the DH lib part - maybe
something to do with ciphers. Current libwebsockets doesn't configure
DH ciper parameters which does mean that the list of ciphers it
supports is smaller than it could be. I've created a patch[1] that
adds this support, but my user says it didn't help. He's now testing
using the lws test server, so the bug does look to be here, or in iOS
9.

I'm at a bit of a loss as to what to try next, so I'm wondering if
anybody else has seen anything similar, or can help with the debugging
process - I've not got access to any iOS devices.

I'll still be submitting the patch as a pull request, it's still
useful, but would like to make sure there isn't anything else missing
first. The accepted answer at [2] shows a shell script for finding
server supported ciphers so you can see what the patch achieves.

Cheers,

Roger


[1] https://github.com/ralight/libwebsockets/tree/ssl-dh
[2] http://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers



More information about the Libwebsockets mailing list