Login/Register
Difference between ws and wss?
Asked Answered
Solved websocketjava-websocket
T

1

94

What is the procedure to change ws into wss?

Whether wss is make upgrade over normal HTTP or wss works only HTTPS?

webSocket = new WebSocket("ws://localhost:port/Esv/ocp");

works fine, when I changed ws to wss

webSocket = new WebSocket("wss://localhost:port/Esv/ocp");

it shows this error:

Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR

Thrashing answered 4/10, 2017 at 5:17 Comment(0)
N
143

Short version

To SSL or not SSL

You may have a SSL certificate issue. The connection point rule can be summarized as:

  • wss connects on https only
  • ws connects on http

and vice-versa:

  • https accepts wss only
  • http accepts ws only

Errors

Following situations will lead you to an error (tests done under Firefox):

  • If you want to connect a wss connection to a http endpoint. In my tests, I had an

    InvalidStateError: An attempt was made to use an object that is not, or is no longer, usable

  • If you want to connect a ws connection to a https endpoint, you'll have the error

    SecurityError: The operation is insecure.

Formal answer

The bible of websocket is RFC 6455. In section 4.1.5:

If /secure/ is true, the client MUST perform a TLS handshake over the connection after opening the connection and before sending the handshake data [RFC2818]. If this fails (e.g., the server's certificate could not be verified), then the client MUST Fail the WebSocket Connection and abort the connection. Otherwise, all further communication on this channel MUST run through the encrypted tunnel [RFC5246].

The secure flag is defined by the URI. Section 3 defines what is secure

The URI is called "secure" (and it is said that "the secure flag is set") if the scheme component matches "wss" case-insensitively.

TL;DR

If you want to use wss:

  • you must have SSL activated
  • your endpoint point must be secured (https://...): "security downgrade" is not allowed

If you want to use ws:

  • Make sure your endpoint does not have SSL enabled (http://...)
Nazarene answered 4/10, 2017 at 7:32 Comment(6)
Thank you..And is really possible that wss works for http also?Thrashing
Nope, websocket does not allow a "security" downgrade. I'll edit my answer to highlight that. Thanks for pointing outNazarene
@Thrashing I updated my answer following your feedback. Does it answer your question?Nazarene
@mahe: The only way to connect WSS over HTTP is to use an intermediate WebSocket proxy that accepts WSS/HTTPS and forwards using WS/HTTP.Szeged
So it's NOT possible to initiate a WS with an HTTPS request? We have to use HTTP?Tshombe
As far as I recall, you have the mirror the secured / non-secured connection.Nazarene

© 2022 - 2024 — McMap. All rights reserved.