From 4e6e692b301a0e868b821b71b5ac07e728ac3f3c Mon Sep 17 00:00:00 2001
From: Dario Nieuwenhuis <dirbaio@dirbaio.net>
Date: Wed, 12 Apr 2023 23:26:47 +0200
Subject: [PATCH] client: support websocket over TLS (wss://).

---
 client/service.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/client/service.go b/client/service.go
index bac57167..a2b2ffd9 100644
--- a/client/service.go
+++ b/client/service.go
@@ -455,7 +455,12 @@ func (cm *ConnectionManager) realConnect() (net.Conn, error) {
 	protocol := cm.cfg.Protocol
 	if protocol == "websocket" {
 		protocol = "tcp"
-		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{Hook: frpNet.DialHookWebsocket()}))
+		dialOptions = append(dialOptions, libdial.WithAfterHook(libdial.AfterHook{
+			// make sure to do the websocket handshake after the TLS handshake,
+			// to support websocket over TLS.
+			Priority: libdial.WithTLSConfigPriority + 1,
+			Hook:     frpNet.DialHookWebsocket(),
+		}))
 	}
 	if cm.cfg.ConnectServerLocalIP != "" {
 		dialOptions = append(dialOptions, libdial.WithLocalAddr(cm.cfg.ConnectServerLocalIP))