Menu
It is possible having a wss protocol over http ? i've read on a forum that ws work with http, but wss works only with https ? Is that true ?
Cause i'm trying to test it on my wamp on localhost, but not working
364
The WebSocket protocol defines a ws:// and wss:// prefix to indicate a WebSocket and a WebSocket Secure connection respectively. Both schemes use an HTTP upgrade mechanism to upgrade to the WebSocket protocol.
The wss protocol establishes a WebSocket over an encrypted TLS connection, while the ws protocol uses an unencrypted connection. To establish the connection, the browser and server perform a WebSocket handshake over HTTP.
WebSocket uses HTTP as the initial transport mechanism, but keeps the TCP connection alive after the HTTP response is received so that it can be used for sending messages between client and server.
wss is secure only because it means "WebSocket protocol over https". WebSocket protocol itself is not secure. There is no Secure WebSocket protocol, but there are just "WebSocket protocol over http" and "WebSocket protocol over https". See also this answer.
ws tells a WebSocket client library to use http to connect to a WebSocket server. Likewise, wss tells a WebSocket client library to use https to connect to a WebSocket server. Just that. "ws protocol" and "wss protocol" are strange words. "WebSocket protocol" is the right word. WebSocket protocol can be used over both plain HTTP connections (http) and secure HTTP connections (https).
Note that communication between a WebSocket client and a WebSocket server starts as a normal HTTP protocol. To start WebSocket communication, a WebSocket client sends a request like below to a WebSocket server (This is an excerpt from RFC 6455, 1.2. Protocol Overview).
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
As you can see, this is a normal HTTP GET request. A WebSocket server can wait for this kind of requests on an unsecured port (http, 80 is the default) or on a secured port (https, 443 is the default). It's up to WebSocket servers.
If a WebSocket server you are using is waiting for requests on an unsecured port, pass ws to a WebSocket client library you are using. Otherwise, if the WebSocket server is waiting for requests on a secured port, pass wss to the WebSocket client library.
Some implementations of WebSocket client libraries accept not only ws and wss but also http and https just for developers' convenience.
"WSS on http" is a strange word. On the other hand, "WebSocket protocol on http" and "WebSocket protocol on https" make sense.
66
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
