EzyFox Server SSL

Updated at 1699804068000
SSL is very important in software development. It ensures that any data transferred between users and applications, or between two systems, cannot be read by anyone who intercepts it. It uses encryption algorithms to scramble data in transit, which prevents hackers from reading it as it is sent over the connection. This data includes potentially sensitive information such as names, addresses, credit card numbers, or other financial details.

Support

Currently, ezyfox server supports SSL for:

  1. Websocket: you need to buy an SSL certificate (from any certificate provider)
  2. Android: via the Android client SDK; you don't need to buy any certificate
  3. iOS: via the Swift client SDK; you don't need to buy any certificate

Connection Flow

On Android and iOS, ezyfox server needs 5 steps to enable SSL:

  1. The client connects to the server
  2. After the connection succeeds, the client sends a handshake command to the server with an RSA-2048 public key
  3. The server generates a 32-byte AES session key and uses the client's public key to encrypt the session key
  4. The server sends the encrypted session key to the client
  5. The client uses its RSA private key to decrypt the received encrypted session key and saves it in memory
  6. From there, the client and server use the session key to encrypt and decrypt the data they send and receive
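
The flow above, carried through end to end in one process, as an added example that is not ezyfox server's own code. The page does not name the RSA padding, the AES mode or the key encoding, so OAEP with SHA-256, AES-GCM and X.509 DER are assumptions here, as are the class name and the sample message.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SessionKeyHandshakeDemo {
    // Assumption: OAEP/SHA-256 for RSA and GCM for AES; the page names neither.
    static final String RSA_OAEP = "RSA/ECB/OAEPPadding";
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
        "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    public static void main(String[] args) throws Exception {
        // Steps 1-2: the client creates an RSA-2048 key pair and sends the public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair clientKeys = kpg.generateKeyPair();
        byte[] handshakePayload = clientKeys.getPublic().getEncoded(); // X.509 DER

        // Steps 3-4: the server parses the key, generates a 32-byte AES key, encrypts it.
        PublicKey received = KeyFactory.getInstance("RSA")
            .generatePublic(new X509EncodedKeySpec(handshakePayload));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        byte[] serverSessionKey = kg.generateKey().getEncoded();
        Cipher wrap = Cipher.getInstance(RSA_OAEP);
        wrap.init(Cipher.ENCRYPT_MODE, received, OAEP);
        byte[] encryptedSessionKey = wrap.doFinal(serverSessionKey); // sent to the client

        // Step 5: the client decrypts with its private key and keeps the key in memory.
        Cipher unwrap = Cipher.getInstance(RSA_OAEP);
        unwrap.init(Cipher.DECRYPT_MODE, clientKeys.getPrivate(), OAEP);
        SecretKey clientSessionKey = new SecretKeySpec(unwrap.doFinal(encryptedSessionKey), "AES");
        if (!Arrays.equals(serverSessionKey, clientSessionKey.getEncoded()))
            throw new IllegalStateException("session keys differ");

        // Step 6: data is encrypted with the session key, using a fresh nonce per message.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, clientSessionKey, new GCMParameterSpec(128, nonce));
        byte[] ciphertext = enc.doFinal("constructed sample message".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(serverSessionKey, "AES"),
            new GCMParameterSpec(128, nonce));
        System.out.println(new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```

The steps as listed on this page include no point at which the client verifies the server's identity, so a deployment that needs server authentication has to get it from another layer, such as certificate-based TLS terminated in front of the server.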

How to enable SSL?

With socket, in ezy-settings you just need to add the following to the socket tag:

<ssl-active>true</ssl-active>

Please refer to this file to get the full settings.

With websocket, you should configure SSL termination in a load balancer such as nginx, because you usually run at least 2 ezyfox servers for websocket. Configuring SSL once on the load balancer is easier than configuring it on two ezyfox servers. But if you still want to configure SSL for websocket on ezyfox server, you will need to generate a keystore file and configure the ezy-settings file like this:

<web-socket>
    <port>2208</port>
    <address>0.0.0.0</address>
    <active>true</active>
    <ssl-port>443</ssl-port>
    <max-frame-size>2048</max-frame-size>
    <writer-thread-pool-size>8</writer-thread-pool-size>
    <ssl-active>true</ssl-active>
    <ssl-config>
        <file>ssl-config.properties</file>
        <loader>com.tvd12.ezyfoxserver.ssl.EzySimpleSslConfigLoader</loader>
        <context-factory-builder>com.tvd12.ezyfoxserver.ssl.EzySimpleSslContextFactoryBuilder</context-factory-builder>
    </ssl-config>
    <codec-creator>com.tvd12.ezyfox.codec.JacksonCodecCreator</codec-creator>
</web-socket>

Next step

You can take a look at the JavaScript ES6 client SDK.