In order to enable https in your Lightstreamer server you have to configure one (or more) <https_server> section in the lightstreamer_conf.xml configuration file.
Please go through the inline comment of the section (https://lightstreamer.com/repo/distr...eamer_conf.xml) for detailed instructions.
Please also take a look at this documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf) with instructions on how to get and deploy a working TLS certificate in your Lightstreamer server.
Also make sure that the license you are using is compatible with the TLS/SSL feature.
As I said in my previous mail, you need to copy the <https_server> section from here (https://lightstreamer.com/repo/distr...eamer_conf.xml) in your lightstreamer_conf.xml file, just below the <http_server> section.
Then you need to uncomment the section itself, and the following parameters:
<port>8443</port>
this is the port on which the server will accept https requests;
This is the keystore containing the TLS certificate of your domain, please refer to this documentation (https://lightstreamer.com/docs/ls-se...rtificates.pdf) for detailed instructions in order to create your keystore and then copy it under /conf folder.
All other parameters of the section are optional and you can decide how to set them, especially pay attention to <remove_cipher_suites>.
However, please consider that version 5.1.1 is very old, and there have been many updates up to now, also regarding the https management.
So my advice is to schedule an upgrade to a newer version at your earliest convenience.
Thank you so much for your explanation and valuable reply.
I did everything as you said very well, but I got this error in Lightstreamer.log:
21-Oct-21 17:30:20,585|ERROR|ghtstreamerLogger.connections.ssl|L HANDSHAKE POOLED THREAD 1|Handshake error on Lightstreamer HTTPS Server: no cipher suites in common on 51.223.4.198:57642.
The error message about ssl/tls means that you have configured your Lightstreamer server with a security policy which may be too restrictive for some clients.
This generally happens when your server-side configuration only enables the latest and strongest protocols and cipher suites, disabling all the weaker and deprecated ones, while some clients that try a connection only support the older ones.
The available protocols and cipher suites are reported in the log at server startup, so you can verify if your configuration lacks any important cipher suite.
Note also that the set of protocols and cipher suites allowed depends on the configuration of the <https_server> but also on your Java installation.
In the server log you should also find other messages that better specify the type of request that was rejected. If possible, you could also set the LightstreamerLogger.connections.ssl category to DEBUG; it should give us more information. But please be aware that it is quite verbose.
- Kindly, as you mentioned, in "lightstreamer_log_conf.xml" I set the LightstreamerLogger.connections.ssl category to DEBUG, and I got more detailed information in the logs. I have attached the log files for you: "Lightstreamer.log" and "LS.out".
- Kindly help me to configure my Lightstreamer server with a lower security policy and remove the restrictions for some clients to make Lightstreamer work.
Unfortunately the additional log didn't give us enough information to figure out what is going on with the TLS/SSL handshake.
At this point, the log that could be useful is the Java SSL debug logging, to dissect the details of the TLS handshake algorithm, which is not within the competence of Lightstreamer.
You could launch a Lightstreamer server after adding the -Djavax.net.debug=ssl:handshake:verbose parameter to the java call (editing the LS.bat file in the bin folder).
The log of the outcome of the TLS handshake will be printed in the Server console log.
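Before changing the cipher policy, it helps to see which clients are failing the handshake and for what reason. The following is an added example (not part of the original thread and not Lightstreamer code) that tallies handshake errors per client from Lightstreamer.log. It assumes the pipe-separated layout of the error line quoted earlier in the thread; the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines, modelled on the single error line quoted in the
# thread (timestamp|level|logger|thread|message). The addresses come from
# documentation ranges; the second failure reason is also constructed.
SAMPLE_LOG = """\
21-Oct-21 17:30:20,585|ERROR|ghtstreamerLogger.connections.ssl|L HANDSHAKE POOLED THREAD 1|Handshake error on Lightstreamer HTTPS Server: no cipher suites in common on 192.0.2.10:57642.
21-Oct-21 17:30:21,102|ERROR|ghtstreamerLogger.connections.ssl|L HANDSHAKE POOLED THREAD 2|Handshake error on Lightstreamer HTTPS Server: no cipher suites in common on 192.0.2.10:57650.
21-Oct-21 17:31:05,310|INFO |ghtstreamerLogger.connections.ssl|L HANDSHAKE POOLED THREAD 1|(constructed non-error line)
21-Oct-21 17:32:44,007|ERROR|ghtstreamerLogger.connections.ssl|L HANDSHAKE POOLED THREAD 1|Handshake error on Lightstreamer HTTPS Server: no cipher suites in common on 203.0.113.5:41000.
21-Oct-21 17:33:12,450|ERROR|ghtstreamerLogger.connections.ssl|L HANDSHAKE POOLED THREAD 2|Handshake error on Lightstreamer HTTPS Server: Unrecognized SSL message, plaintext connection? on 198.51.100.7:40200.
"""

# Four pipe-separated header fields, then the handshake-error message:
# "Handshake error on <listener>: <reason> on <client address>:<port>."
LINE_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<level>[^|]+)\|(?P<logger>[^|]+)\|(?P<thread>[^|]+)\|"
    r"Handshake error on (?P<listener>.+?): (?P<reason>.+) on "
    r"(?P<ip>\S+):(?P<port>\d+)\.?\s*$"
)

def handshake_failures(log_text):
    """Yield (client_ip, reason) for every ERROR-level handshake line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("level").strip() == "ERROR":
            yield m.group("ip"), m.group("reason")

def summarize(log_text):
    """Map each failure reason to a Counter of client addresses."""
    by_reason = defaultdict(Counter)
    for ip, reason in handshake_failures(log_text):
        by_reason[reason][ip] += 1
    return by_reason

if __name__ == "__main__":
    for reason, clients in summarize(SAMPLE_LOG).items():
        total = sum(clients.values())
        print(f"{reason}: {total} failures from {len(clients)} clients")
        for ip, count in clients.most_common():
            print(f"  {ip:<15} {count}")
```

A reason that comes from one or two addresses points at specific clients to investigate, while the same reason from every client points at the server-side configuration or keystore.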