Encrypted WebSocket

WebSocket is a communication protocol that supports bidirectional communication over a single TCP connection. An Encrypted WebSocket connection is essentially a secure WebSocket that is established using SSL/TLS.

Usage

In the way that HTTPS is preferable to HTTP, using an Encrypted WebSocket is preferable to using a plain WebSocket. The threat from many different types of WebSocket attacks is negated when the connection is secured because intermediaries, including any potential man-in-the-middle threat actors, do not have access to the data in the traffic.

URI

The WebSocket protocol uses the ws (WebSocket) URI scheme, whereas an Encrypted WebSocket uses the wss (WebSocket Secure) URI scheme.

wss : [// authority] path [? query]

Note

As is the case with the standard WebSocket, the format of the URI is standard except that it does not support fragments.

Improved reliability

The wss scheme is not only more secure but also more reliable, because some proxy servers do not recognize the WebSocket-specific scheme. Consequently, an intermediary may drop the request or terminate the connection. However, because wss is encrypted using SSL/TLS, intermediaries have no visibility into the traffic as it passes through, and because they can’t read the data, it is passed through without further inspection.

Example

In this example, an Encrypted WebSocket connection is opened using JavaScript. Event and error handling functions follow as developed.

const connection = new WebSocket('wss://files.example.re/');
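
The URI rules described above (wss only, no fragment) can be enforced before the connection is opened, with the event and error handlers attached in one place. This is an added example, not code from the original page: secureWebSocketUrl and openSecureSocket are hypothetical helper names, and the WebSocketImpl parameter is an assumption made so the code also runs outside a browser.

```javascript
// Added example; secureWebSocketUrl and openSecureSocket are hypothetical helpers.

// Return a normalized wss:// URL string, or throw if the input is unsafe.
function secureWebSocketUrl(input) {
  const url = new URL(input); // throws TypeError on malformed input
  if (url.protocol === 'ws:') {
    throw new Error('Refusing plaintext ws://; use wss:// instead');
  }
  if (url.protocol !== 'wss:') {
    throw new Error(`Not a WebSocket URI scheme: ${url.protocol}`);
  }
  // WebSocket URIs do not support fragments; a bare trailing "#" counts too.
  if (url.href.includes('#')) {
    throw new Error('WebSocket URIs must not contain a fragment');
  }
  return url.href;
}

// Open the connection and attach handlers. WebSocketImpl defaults to the
// browser's WebSocket; it is a parameter only so the code can be tested offline.
function openSecureSocket(input, handlers = {}, WebSocketImpl = globalThis.WebSocket) {
  const connection = new WebSocketImpl(secureWebSocketUrl(input));
  connection.onopen = () => handlers.onOpen?.(connection);
  connection.onmessage = (event) => handlers.onMessage?.(event.data);
  // The error event carries no detail by design; the close event follows it.
  connection.onerror = () => handlers.onError?.(new Error('WebSocket error'));
  // A failed TLS or opening handshake is reported as an abnormal close (1006).
  connection.onclose = (event) => handlers.onClose?.(event.code, event.wasClean);
  return connection;
}

// Usage in a browser:
// openSecureSocket('wss://files.example.re/', { onMessage: (data) => console.log(data) });
```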

Takeaway

Encrypted WebSocket connections are a secure version of the standard WebSocket functionality. They offer a mechanism for secure bidirectional communication over a single TCP connection that is established on infrastructure that supports HTTP and HTTPS.

Last updated: August 2, 2023