Difference between ws and wss?

by

Short version

To SSL or not SSL

You may have a SSL certificate issue. The connection point rule can be summarized as:

  • wss connects on https only
  • ws connects on http

and vice-versa:

  • https accepts wss only
  • http accepts ws only

Errors

Following situations will lead you to an error (tests done under Firefox):

  • If you want to connect a wss connection to a http endpoint. In my tests, I had an

    InvalidStateError: An attempt was made to use an object that is not, or is no longer, usable

  • If you want to connect a ws connection to a https endpoint, you’ll have the error

    SecurityError: The operation is insecure.

Formal answer

The bible of websocket is RFC 6455. In section 4.1.5:

If /secure/ is true, the client MUST perform a TLS handshake over the connection after opening the connection and before sending the handshake data [RFC2818]. If this fails (e.g., the server’s certificate could not be verified), then the client MUST Fail the WebSocket Connection and abort the connection. Otherwise, all further communication on this channel MUST run through the encrypted tunnel [RFC5246].

The secure flag is defined by the URI. Section 3 defines what is secure

The URI is called “secure” (and it is said that “the secure flag is set”) if the scheme component matches “wss” case-insensitively.

TL;DR

If you want to use wss:

  • you must have SSL activated
  • your endpoint point must be secured (https://...): “security downgrade” is not allowed

If you want to use ws:

  • Make sure your endpoint does not have SSL enabled (http://...)

More Related Contents:

  1. Accessing HttpSession from HttpServletRequest in a Web Socket @ServerEndpoint
  2. Does HTTP/2 make websockets obsolete?
  3. Differences between ZeroMQ and WebSockets
  4. Moving from socket.io to raw websockets?
  5. Maximum concurrent Socket.IO connections
  6. How to inspect WebSocket frames in Chrome properly?
  7. How many system resources will be held for keeping 1,000,000 websocket open? [closed]
  8. Websockets with socket.io on AWS Elastic Beanstalk
  9. Debugging WebSocket in Google Chrome
  10. Is native PHP support for Web Sockets available?
  11. websocket vs rest API for real time data? [closed]
  12. Ajax vs Socket.io
  13. Which websocket library to use with Node.js? [closed]
  14. Inspecting WebSocket frames in an undetectable way
  15. Websocket Authentication and Authorization in Spring
  16. Good beginners tutorial to socket.io? [closed]
  17. How to solve Chrome’s 6 connection limit when using xhr polling
  18. Is there a WebSocket client implemented for Python? [closed]
  19. node-websocket-server: possible to have multiple, separate “broadcasts” for a single node.js process?
  20. How to establish a TCP Socket connection from a web browser (client side)?
  21. Making moves w/ websockets and python / django ( / twisted? )
  22. Websocket vs REST when sending data to server
  23. How to view WS/WSS Websocket request content using Firebug or other?
  24. WebSocket on IE10 giving a SecurityError
  25. I get a status 200 when connecting to the websocket, but it is an error?
  26. Using socket.io standalone without node.js
  27. What’s the difference between WebSocket and plain socket communication?
  28. Reconnection of Client when server reboots in WebSocket
  29. WebSocket: How to automatically reconnect after it dies
  30. tunneling secure websocket connections with apache

Leave a Comment