Expand my Community achievements bar.

Cannot connect to lccs in a proxy(firewall) protected network

Avatar

Level 2
Level 2
1/22/11 10:45:31 PM

I am building an air app which uses lccs. It works fine behind the proxy settings in our network. But in another network, it just stuck at connecting. After some investigation I found that lccs tries to establish HTTP CONNECT tunneling on port 443 for RTMPS. My questions are

1.Does lccs wraps rtmps data in HTTP packets for communication, or it just communicate using only rtmps (non-http binary protocol) after http connect tunnel established?

2.After http connect tunnel established, is it generally allowed to do non-http communication over SSL (port 443)?

Views

1.6K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Employee
Employee
1/24/11 1:58:20 PM

The LCCS client will try to connect to our servers in different ways, in the following sequence:

1) via RTMFP (new version of RTMP that works over UDP) on port 1935. This may also require opening other outgoing UDP ports in the range 19350+.

2) via RTMPS (RTMP over SSL) on port 443. I think this is what generates the HTTP CONNECT request but after that the client will send RTMP traffic on the encrypted connection.

3) via RTMPTS (tunneled RTMP) on port 443. This should tunnel RTMP traffic over an HTTPS connection and wrap RTMP request in HTTP/HTTPS requests.

So, if you firewall can allow outgoing requests on the specified ports it should work.

We had cases where other customers had problems similar to yours, and we think it's because the firewall (in case 2) expects HTTP traffic over the HTTPS connection. Also, we have noticed that tunneling requests often time out.

If you could run your application with debug enabled (either by running it in Flexbuilder or by installing the debug FlashPlayer and configuring it to log traces in a debug file) it would help figuring out what your problem is.

Views

335

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
1/24/11 11:08:59 PM

Thanks for the reply.

Would you please clarify.

1) Does option 3 mean: same as option2 except it wraps RTMPS packets in HTTP requests?

2) What I understand, in firewall settings where HTTP CONNECT tunneling is not available or RTMFP related ports are not open, in those settings app cannot connect to LCCS. Is this true?

3) In general, is HTTPS communication possible without HTTP CONNECT tunneling enabled in firewalls?

Views

345

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
1/25/11 2:19:18 PM

1) With this option RTMP packets are wrapped in HTTPS requests

2) If you have a firewall that blocks both RTMFP and RTMPS (the HTTP CONNECT is not accepted) we try option 3 (RTMPTS) that should look like a series of POSTs and GETs over an HTTPS connection, but as I said sometime there are timing issues and the handshake fails.

Again, if you can run the debug FlashPlayer and collect the debug message it will be clear which requests are attempted and what the result is.

Views

339

Replies

0
Sign in to like this content

Total Likes

Translate
Translate