Encrypted WebSocket
WebSocket is a communication protocol that supports bidirectional communication over a single TCP connection. An Encrypted WebSocket connection is essentially a secure WebSocket that is established using SSL/TLS.
Usage
Just as HTTPS is preferable to HTTP, an Encrypted WebSocket is preferable to a plain WebSocket. Securing the connection negates the threat from many different types of WebSocket attacks because intermediaries, including any potential man-in-the-middle threat actors, do not have access to the data in the traffic.
URI
The WebSocket protocol uses the ws (WebSocket) URI scheme, whereas an Encrypted WebSocket uses the wss (WebSocket Secure) URI scheme.
wss : [// authority] path [? query]
Note
As with the standard WebSocket, the format of the URI is standard except that it does not support fragments.
Improved reliability
The wss scheme is not only more secure but also more reliable, because some proxy servers do not recognize the WebSocket-specific scheme. Consequently, an intermediary may drop the request or terminate the connection. However, because wss is encrypted using SSL/TLS, intermediaries have no visibility into the traffic as it passes through, and because they can't read the data, they pass it through without further inspection.
Example
In this example, an Encrypted WebSocket connection is opened using JavaScript. Event and error handling functions follow as developed.
const connection = new WebSocket('wss://files.example.re/');
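The following is an added example, not part of the original page: it enforces the two URI rules described above (the wss scheme only, and no fragment) before opening the connection, and attaches the event and error handlers. The function names requireSecureWebSocketUrl and openSecureSocket are hypothetical; the host is the one used in the example above.

```javascript
// Added example; function names are hypothetical.

// Return the normalized wss:// URL, or throw if the input is not an
// Encrypted WebSocket URI.
function requireSecureWebSocketUrl(input) {
  const url = new URL(input); // throws TypeError on malformed input

  // Only the encrypted scheme is accepted; ws://, http:// and https://
  // are all refused rather than silently upgraded.
  if (url.protocol !== 'wss:') {
    throw new Error(`refusing non-wss scheme "${url.protocol}"`);
  }

  // WebSocket URIs do not support fragments. url.hash is empty for a
  // bare trailing "#", so the raw input is checked as well.
  if (url.hash !== '' || input.includes('#')) {
    throw new Error('WebSocket URI must not contain a fragment');
  }

  return url.href;
}

// Open the connection only after the URL has passed validation.
// onMessage is a caller-supplied callback that receives each payload.
function openSecureSocket(input, onMessage) {
  const connection = new WebSocket(requireSecureWebSocketUrl(input));

  connection.addEventListener('open', () => {
    console.log('Encrypted WebSocket connection established');
  });
  connection.addEventListener('message', (event) => {
    onMessage(event.data);
  });
  // The error event carries no detail by design; the close event that
  // follows reports the status code and whether the close was clean.
  connection.addEventListener('error', () => {
    console.error('WebSocket error');
  });
  connection.addEventListener('close', (event) => {
    console.log(`closed: code=${event.code} clean=${event.wasClean}`);
  });

  return connection;
}
```

Calling openSecureSocket('wss://files.example.re/', handler) returns the WebSocket object; a ws:// URL or a URL containing a fragment throws before any network traffic is sent.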
Takeaway
Encrypted WebSocket connections are a secure version of the standard WebSocket functionality. They offer a mechanism for secure bidirectional communication over a single TCP connection that is established on infrastructure that supports HTTP and HTTPS.