Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Hybrid View

  1. #1

    Question I need a help to enable the HTTPS "SSL" in (LightStreamer 5.1.1)

    Hello Everyone,

    I have in my website a (Marketwatch) streaming prices, But when I started using HTTPS the (MarketWatch) stopped and No streaming prices.


    I think the (LightStreamer) need some changes, or something else..


    Please I need your help to enable the HTTPS in (LightStreamer 5.1.1).





    Best Regards

  2. #2
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    In order to enable https in your Lightstreamer server you have to configure one (or more) <https_server> section in the lightstreamer_conf.xml configuration file.
    Please go through the inline comment of the section (https://lightstreamer.com/repo/distr...eamer_conf.xml) for detailed instructions.

    Please also take a look at this documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf) with instructions on how to get and deploy a working TLS certificate in your Lightstreamer server.
    Also make sure that the license you are using is compatible with the TLS/SSL feature.

    Regards,
    Giuseppe

  3. #3
    Dear Mr. Giuseppe,

    Thank you so much for your informative and valuable reply.

    Kindly, I have attached to you my "lightstreamer_conf.xml", please is it compatible with the TLS/SSL feature?


    Could you Please help me to make some editing in this file to make it working with SSL.


    Please I would like to be the https port: 8443


    Thank you so much in advance.

  4. #4
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi *William1,

    As I said in my previous mail, you need to copy the <https_server> section from here (https://lightstreamer.com/repo/distr...eamer_conf.xml) in your lightstreamer_conf.xml file, just below the <http_server> section.
    Then you need to uncomment the section itself, and the following parameters:

    <port>8443</port>

    this is the port the server will accept https requests;

    <keystore>
    <keystore_file>myserver.keystore</keystore_file>
    <keystore_password>mypassword</keystore_password>
    </keystore>


    This is the keystore containing the TLS certificate of your domain, please refer to this documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf) for detailed instructions in order to create your keystore and then copy it under /conf folder.

    All other parameters of the section are optional and you can decide how to set them, especially pay attention to <remove_cipher_suites>.
    However, please consider that version 5.1.1 is very old, and there have been many updates up to now, also regarding the https management.
    So my advice is to schedule an upgrade to a newer version at your earlier convenience.

    Regards,
    Giuseppe

  5. #5
    Dear Mr. Giuseppe,

    Thank you so much for your explanation and valuable reply.

    I did everything as you said very well, But i got this error in Lightstreamer.log


    21-Oct-21 17:30:20,585|ERROR|ghtstreamerLogger.connections.s sl|L HANDSHAKE POOLED THREAD 1|Handshake error on Lightstreamer HTTPS Server: no cipher suites in common on 51.223.4.198:57642.


    Please help me to solve the error.

    Thank you so much in advance.

  6. #6
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    The error message about ssl/tls means that you have configured your Lightstreamer server with a security policy which may be too restrictive for some clients.
    This generally happens when your server-side configuration only enables the latest and strongest protocols and cipher suites, disabling all the weaker and deprecated ones, while some clients that try a connection only support the older ones.

    The available protocols and cipher suites are reported in the log at server startup, so you can verify if your configuration lacks any important cipher suite.
    Note also that the set of protocols and cipher suites allowed depends on the configuration of the <https_server> but also from your java installation.

    In the server log you should also find other messages that better specify the type of request that was rejected, in case you could also set to DEBUG the LightstreamerLogger.connections.ssl category, it should give us more information. But please be aware that it is quite verbose.

    Regards,
    Giuseppe

  7. #7
    Dear Mr. Giuseppe,

    Thank you so much for your valuable reply.


    - Kindly, as you mentioned; In "lightstreamer_log_conf.xml" I set the LightstreamerLogger.connections.ssl category to DEBUG, and I got more details information in logs, I have attached the logs file for you "Lightstreamer.log" and "LS.out" file.


    - Kindly, help me to configure my Lightstreamer server with a lower security policy and remove the restrictive for some clients to make Lightstreamer work.


    Thank you so much in advance.
    Attached Files Attached Files

  8. #8
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    Unfortunately the additional log didn't give us enough information to figure out what is going on with the TLS/SSL handshake.

    At this point, the log that could be useful is the Java SSL debug logging, to dissect the details of the TLS handshake algorithm TLS, not of the competence of Lightstreamer.
    You could launch a Lightstreamer server after adding the -Djavax.net.debug=ssl:handshake:verbose parameter to the java call (editing the LS.bat file in the bin folder).
    The log of the outcome of TLS handshake will be printed in the Server console log.

    Regards,
    Giuseppe

  9. #9
    Dear Mr. Giuseppe,

    Thank you so much for your nice reply.

    Is the correct way to add the parameter to "LS.bat" at anywhere in the file just like that?:

    "-Djavax.net.debug=ssl:handshake:verbose"


    Thank you so much in advance.

  10. #10
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    716
    Hi William1,

    No, the -Djavax.net.debug=ssl:handshake:verbose options must be added to the JAVA_OPTS parameter.
    Referring to the factory LS.bat of version 5 just append to the line

    set JAVA_OPTS=-server

    that will become

    set JAVA_OPTS=-server -Djavax.net.debug=ssl:handshake:verbose

    I'm sorry I didn't provide more detailed instructions in previous posts.

    Regards,
    Giuseppe

 

 

Similar Threads

  1. How to enable SSL
    By devx in forum General
    Replies: 1
    Last Post: October 18th, 2018, 11:09 AM
  2. General understanding (need help!)
    By b45ic in forum Adapter SDKs
    Replies: 2
    Last Post: August 21st, 2014, 06:52 PM
  3. Replies: 0
    Last Post: March 8th, 2010, 11:27 AM
  4. Replies: 3
    Last Post: February 19th, 2010, 12:14 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT +1. The time now is 08:20 PM.