import ballerina/http;
import ballerina/websocket;
// A WebSocket listener can be configured to accept new connections that are
// secured via mutual SSL.
// The [`websocket:ListenerSecureSocket`](https://docs.central.ballerina.io/ballerina/websocket/latest/records/ListenerSecureSocket) record provides the SSL-related listener configurations.
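// WebSocket listener on port 9090 that only accepts connections secured via
// mutual SSL/TLS: the server presents its own certificate and also demands a
// certificate from every client.
listener websocket:Listener securedEP = new(9090,
    secureSocket = {
        // Server identity: the certificate presented to clients and its
        // matching private key. Keep the key file out of version control and
        // readable only by the account that runs the service.
        key: {
            certFile: "../resource/path/to/public.crt",
            keyFile: "../resource/path/to/private.key"
        },
        // Enables mutual SSL. `http:REQUIRE` makes the client certificate
        // mandatory, and `cert` is the trusted certificate that client
        // certificates are verified against.
        // NOTE(review): this example reuses the server certificate path as the
        // trusted certificate; a deployment would normally point `cert` at the
        // CA (or certificate) that issues the client certificates - confirm.
        mutualSsl: {
            verifyClient: http:REQUIRE,
            cert: "../resource/path/to/public.crt"
        },
        // Enables the preferred SSL protocol and its versions.
        // TLSv1.1 is no longer offered: it is formally deprecated (RFC 8996),
        // so only TLSv1.2 is negotiated here. Add "TLSv1.3" as well if the
        // runtime in use supports it.
        protocol: {
            name: http:TLS,
            versions: ["TLSv1.2"]
        },
        // Configures the preferred ciphers.
        // An AEAD (GCM) suite with the same ECDHE/RSA key exchange replaces the
        // CBC-mode, SHA-1 MAC suite, so the existing RSA certificate still works.
        ciphers: ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    }
);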
// Upgrade service attached to the secured listener: a GET on /foo/bar hands the
// connection over to a fresh WsService instance.
service /foo on securedEP {
    resource isolated function get bar() returns websocket:Service {
        // One handler object is created per accepted upgrade request.
        WsService echoService = new;
        return echoService;
    }
}
// WebSocket handler that echoes every text frame back to the caller that sent it.
service class WsService {
    *websocket:Service;

    // Writes the received text back to the same caller. A failed write is
    // returned to the runtime as a websocket:Error; success returns nil.
    remote isolated function onTextMessage(websocket:Caller caller,
                                           string text) returns websocket:Error? {
        websocket:Error? writeResult = caller->writeTextMessage(text);
        return writeResult;
    }
}
Service - Mutual SSL
Ballerina supports mutual SSL, which is a certificate-based authentication
process in which two parties (the client and server) authenticate each other by
verifying each other's digital certificates. It ensures that both parties are
assured of each other’s identity.
import ballerina/http;
import ballerina/websocket;
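// A WebSocket listener can be configured to accept new connections that are
// secured via mutual SSL.
// The websocket:ListenerSecureSocket record provides the SSL-related listener
// configurations.
listener websocket:Listener securedEP = new(9090,
    secureSocket = {
        // Server certificate and its private key. Keep the key file out of
        // version control and readable only by the account that runs the
        // service.
        key: {
            certFile: "../resource/path/to/public.crt",
            keyFile: "../resource/path/to/private.key"
        },
        // Enables mutual SSL. `http:REQUIRE` makes the client certificate
        // mandatory; `cert` is the trusted certificate used to verify it.
        // NOTE(review): the example uses the same path for the server
        // certificate and the trusted certificate; in a deployment `cert`
        // would normally be the CA (or certificate) that issues client
        // certificates - confirm.
        mutualSsl: {
            verifyClient: http:REQUIRE,
            cert: "../resource/path/to/public.crt"
        },
        // Enables the preferred SSL protocol and its versions.
        // Only TLSv1.2 is offered; TLSv1.1 is deprecated (RFC 8996) and has
        // been dropped. Add "TLSv1.3" if the runtime in use supports it.
        protocol: {
            name: http:TLS,
            versions: ["TLSv1.2"]
        },
        // Configures the preferred ciphers.
        // An AEAD (GCM) suite is used in place of the CBC-mode, SHA-1 MAC
        // suite; the ECDHE/RSA key exchange is unchanged, so the same RSA
        // certificate applies.
        ciphers: ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    }
);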
// Service bound to the mutual-SSL listener. The `get bar` resource answers the
// upgrade request on /foo/bar by returning the WebSocket handler to use.
service /foo on securedEP {
    resource isolated function get bar() returns websocket:Service {
        WsService handler = new;
        return handler;
    }
}
// Echo handler: each incoming text message is sent straight back to its sender.
service class WsService {
    *websocket:Service;

    // Returns the outcome of the write directly: nil on success, or the
    // websocket:Error reported by writeTextMessage.
    remote isolated function onTextMessage(websocket:Caller caller,
                                           string text) returns websocket:Error? {
        websocket:Error? outcome = caller->writeTextMessage(text);
        return outcome;
    }
}
# Before running, change the certificate file path, private key file path, and
# trusted certificate file path in the listener configuration to match your
# environment.
# Keep the private key file readable only by the account that runs the service.
bal run websocket_service_mutual_ssl.bal