WSS on HTTP vs WSS on HTTPS

后端 未结 3 2083
长情又很酷
长情又很酷 2020-11-29 03:43

I\'ve read that WS only works on HTTP, and that WSS works on both HTTP and HTTPS. Are WSS (Secure Web Socket) connections just as secure on an HTTP server as they are on an

相关标签:
3条回答
  • 2020-11-29 04:24

    if HTTPS is not deployed, try sws - secure websocket on plain http without https

    https://github.com/InstantWebP2P/sws

    0 讨论(0)
  • 2020-11-29 04:27

    Is a web socket secure (wss) connection still encrypted through TLS/SSL if the website/server is not?

    Yes.

    Are wss (Secure Web Socket) connections just as secure on an http server as they are on an https server?

    Yes (see above). There is one thing to note: if the HTML/JavaScript that opens the secure WebSocket connection comes over non-secure HTTP, the WebSocket connection is still secure, but an attacker might modify the HTML/JavaScript while being sent from the Web server to browser. A HTTP connection isn't protected against man-in-the-middle sniffing or modification.

    0 讨论(0)
  • 2020-11-29 04:29

    "wss works on both http and https" ??? This is a strange phrase.

    wss is secure only because it means "WebSocket protocol over https". WebSocket protocol itself is not secure. There is no Secure WebSocket protocol, but there are just "WebSocket protocol over http" and "WebSocket protocol over https". See also this answer.

    As the author of nv-websocket-client (WebSocket client library for Java), I also doubt the phrase "if the HTML/JavaScript that opens the secure WebSocket connection comes over non-secure HTTP, the WebSocket connection is still secure" in the answer by oberstet.

    Read RFC 6455 (The WebSocket Protocol) to reach the right answer. To become a true engineer, don't avoid reading RFCs. Only searching technical blogs and StackOverflow for answers will never bring you to the right place.

    0 讨论(0)
提交回复
热议问题