What is the procedure to change ws into wss?
Does wss make an upgrade over normal HTTP, or does wss work only over HTTPS?
webSocket = new WebSocket("ws://localhost:port/Esv/ocp");
works fine. When I changed ws to wss,
webSocket = new WebSocket("wss://localhost:port/Esv/ocp");
it shows this error:
Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
The wss protocol establishes a WebSocket over an encrypted TLS connection, while the ws protocol uses an unencrypted connection. At this point, the network connection remains open and can be used to send WebSocket messages in either direction.
WebSocket is an event-driven protocol, which means you can actually use it for truly realtime communication. Unlike HTTP, where you have to constantly request updates, with websockets, updates are sent immediately when they are available.
WSS (here meaning Web Services Security, which is not the wss WebSocket URI scheme) defines the binding of XML digital signatures, XML encryption, and username/password tokens to secure SOAP messages. WSS in the Application Server defines how to use WSS to secure invocations of Web services, including Web services deployed on our Application Server.
The WebSocket protocol specification defines ws (WebSocket) and wss (WebSocket Secure) as two new uniform resource identifier (URI) schemes that are used for unencrypted and encrypted connections respectively.
To SSL or not SSL
You may have an SSL certificate issue. The connection point rule can be summarized as:
wss connects on https only
ws connects on http
and vice-versa:
https accepts wss only
http accepts ws only
Errors
The following situations will lead you to an error (tests done under Firefox):
wss connection to an http endpoint. In my tests, I had an InvalidStateError: An attempt was made to use an object that is not, or is no longer, usable
ws connection to an https endpoint. You'll have the error SecurityError: The operation is insecure.
The bible of websocket is RFC 6455. In section 4.1.5:
If /secure/ is true, the client MUST perform a TLS handshake over the connection after opening the connection and before sending the handshake data [RFC2818]. If this fails (e.g., the server's certificate could not be verified), then the client MUST Fail the WebSocket Connection and abort the connection. Otherwise, all further communication on this channel MUST run through the encrypted tunnel [RFC5246].
The secure flag is defined by the URI. Section 3 defines what is secure:
The URI is called "secure" (and it is said that "the secure flag is set") if the scheme component matches "wss" case-insensitively.
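The rules from the answers above (secure flag per RFC 6455 section 3, scheme must match what the listener speaks, no downgrade from an https page), written out as an added JavaScript example that is not code from the original posts. The function names, port 8080, the host app.example.com and the listenerIsTls parameter are assumptions made for illustration.

```javascript
// Added example. Function names, port 8080 and listenerIsTls are assumptions.

// RFC 6455 section 3: the secure flag is set when the scheme is "wss"
// (case-insensitive). Default ports: 80 for ws, 443 for wss.
function describeWsUrl(raw) {
  const url = new URL(raw); // throws TypeError on malformed input
  const scheme = url.protocol.slice(0, -1); // URL lowercases the scheme
  if (scheme !== "ws" && scheme !== "wss") {
    throw new SyntaxError("not a WebSocket URL: " + raw);
  }
  const secure = scheme === "wss";
  const port = url.port ? Number(url.port) : secure ? 443 : 80;
  return { secure, host: url.hostname, port, path: url.pathname + url.search };
}

// Build the endpoint from the page's own origin so the scheme always matches
// how the page was loaded (https page -> wss, http page -> ws).
function endpointFor(pageUrl, path) {
  const page = new URL(pageUrl);
  const scheme = page.protocol === "https:" ? "wss" : "ws";
  return `${scheme}://${page.host}${path}`;
}

// Predict the outcome using the rule stated on this page. listenerIsTls is
// supplied by the caller: does the server port terminate TLS or speak plain HTTP?
function checkConnection(pageUrl, wsUrl, listenerIsTls) {
  const target = describeWsUrl(wsUrl);
  const pageSecure = new URL(pageUrl).protocol === "https:";
  if (pageSecure && !target.secure) {
    return "blocked: ws from an https page is a security downgrade";
  }
  if (target.secure && !listenerIsTls) {
    return "fails: TLS handshake sent to a plain HTTP listener";
  }
  if (!target.secure && listenerIsTls) {
    return "fails: plain-text handshake sent to a TLS listener";
  }
  return "ok";
}

// Constructed scenario resembling the question: only the scheme was changed,
// and the listener on port 8080 is assumed to still speak plain HTTP.
console.log(checkConnection("http://localhost:8080/",
  "wss://localhost:8080/Esv/ocp", false));
console.log(endpointFor("https://app.example.com/index.html", "/Esv/ocp"));
```

In a browser, pass `window.location.href` as `pageUrl` and hand the result of `endpointFor` to `new WebSocket(...)`.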
If you want to use wss: https://... ): "security downgrade" is not allowed
If you want to use ws: http://... )