I need a help to enable the HTTPS "SSL" in (LightStreamer 5.1.1)

[giuseppe.corti]

Hi William1,

In order to enable https in your Lightstreamer server you have to configure one (or more) <https_server> section in the lightstreamer_conf.xml configuration file.
Please go through the inline comment of the section (https://lightstreamer.com/repo/distr...eamer_conf.xml) for detailed instructions.

Please also take a look at this documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf) with instructions on how to get and deploy a working TLS certificate in your Lightstreamer server.
Also make sure that the license you are using is compatible with the TLS/SSL feature.

Regards,
Giuseppe

[William1]

Dear Mr. Giuseppe,

Thank you so much for your informative and valuable reply.

Kindly, I have attached to you my "lightstreamer_conf.xml", please is it compatible with the TLS/SSL feature?


Could you Please help me to make some editing in this file to make it working with SSL.


Please I would like to be the https port: 8443


Thank you so much in advance.

[giuseppe.corti]

Hi *William1,

As I said in my previous mail, you need to copy the <https_server> section from here (https://lightstreamer.com/repo/distr...eamer_conf.xml) in your lightstreamer_conf.xml file, just below the <http_server> section.
Then you need to uncomment the section itself, and the following parameters:

<port>8443</port>

this is the port the server will accept https requests;

<keystore>
<keystore_file>myserver.keystore</keystore_file>
<keystore_password>mypassword</keystore_password>
</keystore>

This is the keystore containing the TLS certificate of your domain, please refer to this documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf) for detailed instructions in order to create your keystore and then copy it under /conf folder.

All other parameters of the section are optional and you can decide how to set them, especially pay attention to <remove_cipher_suites>.
However, please consider that version 5.1.1 is very old, and there have been many updates up to now, also regarding the https management.
So my advice is to schedule an upgrade to a newer version at your earlier convenience.

Regards,
Giuseppe

[William1]

Dear Mr. Giuseppe,

Thank you so much for your explanation and valuable reply.

I did everything as you said very well, But i got this error in Lightstreamer.log


21-Oct-21 17:30:20,585|ERROR|ghtstreamerLogger.connections.s sl|L HANDSHAKE POOLED THREAD 1|Handshake error on Lightstreamer HTTPS Server: no cipher suites in common on 51.223.4.198:57642.


Please help me to solve the error.

Thank you so much in advance.

[giuseppe.corti]

Hi William1,

The error message about ssl/tls means that you have configured your Lightstreamer server with a security policy which may be too restrictive for some clients.
This generally happens when your server-side configuration only enables the latest and strongest protocols and cipher suites, disabling all the weaker and deprecated ones, while some clients that try a connection only support the older ones.

The available protocols and cipher suites are reported in the log at server startup, so you can verify if your configuration lacks any important cipher suite.
Note also that the set of protocols and cipher suites allowed depends on the configuration of the <https_server> but also from your java installation.

In the server log you should also find other messages that better specify the type of request that was rejected, in case you could also set to DEBUG the LightstreamerLogger.connections.ssl category, it should give us more information. But please be aware that it is quite verbose.

Regards,
Giuseppe