The Danosphere.

Things at work have been ramping up as we prepare for our enterprise-level release of software which utilizes many technologies…. FMS2, Jboss, Mysql, PHP, Flash, and Java. Everything has been going rather smoothly, until we began testing our security settings!

Data is secured using FMS2’s native SSL support. While this works great on the PC side of things, Macs are a different issue altogether. In testing we found that attempting to connect to a media server which uses SSL through the RTMPS protocol from a Mac computer results in a full scale server crash. The edge server loses connection to the core, tries to restart it, fails, and basically whats left is a dead media server… not good! Whats even stranger is that connecting to the same application via RTMP protocol connects with no issues!

Of course, I have made Adobe aware of this issue as well but they have yet to release a fix (no surprise there). Int he meantime there are a few solutions I have come up with:

Solutions to the MAC/FMS2 native SSL bug

• Tell all your users to go buy a PC
• Use JS detection to detect mac users and have them use RTMP to connect (unsecured, but at least they can connect and it doesn’t crash the server)
• Use a 3rd party SSL server such as STunnel to handle the SSL end of things (untested) this would theoretically avoid whatever is wrong the FMS/SSL+Mac and still enable mac users to utilize the secured connection

The important thing to remember here is that ANY connection attempt from a mac on RTMPS will bring down the server when using the native FMS SSL, and disconnect all clients! This means if some non user on a mac stumbled upon your login page and attempted a login the server would come crashing down and all your paying users would get disconnected!

Recently while working on a project using Flash Media Server 2, I discovered a rather major issue with the server itself. If a user disconnects in a less-than-graceful manner, such as losing internet connection, or unplugging their LAN cable, or something of that nature, the server seems to think they are still connected! At first I didn’t believe it but after further testing, sure enough the connection were being left open in FMS2, and this led to all types of other problems when FMS2 tried to send data to clients that actually no longer exist!

I contacted Adobe about this issue, and they confirmed this was indeed a bug (of course I had to make a sample app to prove it to them first). While there is not immediate Adobe solution to this issue, with the help of some other FMS’ers I have come up with this temporary solution. It is basically a heartbeat on the server side which calls a function on each client and waits for a response. If no response is received within XX secs, it can be assumed the client is no longer connected. This solution works well except if you have an application that does a lot of data crunching. Because if the app is crunching data, it wont respond to the heartbeat until the data is processed, and this can lead to false disconnects, something to keep in mind.

Here is the file i sent to adobe, which both illustrates the issue, and has a workaround to detect the detected client faster than FMS2 does on its own.

Ghost Connection Workaround