Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

WebSocket with SSL

Tags:

ssl

websocket

Is it possible to have WebSockets with HTTPS?

When switching to HTTPS, my WebSocket returns a security error and works perfectly with regular HTTP.

Below, a snippet;

socket = new WebSocket("ws://my_www:1235"); 
like image 543
Eric Avatar asked Mar 16 '12 22:03

Eric


People also ask

Does WebSocket use SSL?

The probe supports Secure Sockets Layer (SSL) connections between the probe and WebSocket. SSL connections provide additional security when the probe retrieves alarms from the target systems. To enable SSL connections, obtain any required SSL certificates and Trusted Authority certificates for WebSocket.

Are WebSockets over https?

You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.

Does WebSocket use TLS?

WebSocket Uses the Same Encryption as HTTPS (TLS/SSL) You configure TLS (also known as SSL) encryption for WebSocket wire traffic the same way you do for HTTP, using certificates. With HTTPS, the client and server first establish a secure envelope (connection) and only then begin the HTTP protocol.


4 Answers

The WebSocket connection starts its life with an HTTP or HTTPS handshake. When the page is accessed through HTTP, you can use WS or WSS (WebSocket secure: WS over TLS) . However, when your page is loaded through HTTPS, you can only use WSS - browsers don't allow to "downgrade" security.

like image 64
Peter Moskovits Avatar answered Sep 29 '22 09:09

Peter Moskovits


You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.

I believe recent version of Firefox won't let you use non-TLS WebSockets from an HTTPS page, but the reverse shouldn't be a problem.

like image 39
kanaka Avatar answered Sep 29 '22 07:09

kanaka


1 additional caveat (besides the answer by kanaka/peter): if you use WSS, and the server certificate is not acceptable to the browser, you may not get any browser rendered dialog (like it happens for Web pages). This is because WebSockets is treated as a so-called "subresource", and certificate accept / security exception / whatever dialogs are not rendered for subresources.

like image 32
oberstet Avatar answered Sep 29 '22 07:09

oberstet


To support the answer by @oberstet, if the cert is not trusted by the browser (for example you get a "this site is not secure, do you want to continue?") one solution is to open the browser options, navigate to the certificates settings and add the host and post that the websocket server is being served from to the certificate provider as an exception.

for example add 'example-wss-domain.org:6001' as an exception to 'Certificate Provider Ltd'.

In firefox, this can be done from 'about:preferences' and searching for 'Certificates'

like image 41
Iggs_Grey Avatar answered Sep 29 '22 07:09

Iggs_Grey