137

Is it possible to have WebSockets with HTTPS?

When switching to HTTPS, my WebSocket returns a security error and works perfectly with regular HTTP.

Below, a snippet;

```javascript
socket = new WebSocket("ws://my_www:1235");
```
nyedidikeke
Eric
  • my bad, i realized that the AIR socket server i'm using isn't secure, i have to rewrite to use flash.net.SecureSocket... – Eric Mar 18 '12 at 00:29

4 Answers

214

The WebSocket connection starts its life with an HTTP or HTTPS handshake. When the page is accessed through HTTP, you can use WS or WSS (WebSocket secure: WS over TLS). However, when your page is loaded through HTTPS, you can only use WSS - browsers don't allow you to "downgrade" security.

Peter Moskovits
52

You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.

I believe recent versions of Firefox won't let you use non-TLS WebSockets from an HTTPS page, but the reverse shouldn't be a problem.

kanaka
  • So, what's the solution? I have a WS server running over HTTP; now I bought an SSL and the browser no longer allows me to connect with WS. I turned WS to WSS:// and now it's not connecting with WebSocket. – Muaaz Khalid Jan 01 '16 at 06:30
  • @muaaz your WebSocket server should be running in WSS mode and preferably loaded with the same SSL cert/keys as your webserver that is serving your origin web pages which are trying to connect to the websocket server. – kanaka Jan 02 '16 at 05:14
  • 4
    Thank you. By the way, I've just solved it by proxying (using Apache) the request from `wss://` to `ws://`. So, I use `wss://ws.domain.com` and Apache applies the proxy to it and redirects the request to where the WS server is running, e.g. `ws://10.12.23.45:5641/server.php`. I know it's a very bad solution, although it works for me. I'd appreciate your help if you could guide me through the Apache configuration, e.g. where to put the `.cert` etc. Thanks! – Muaaz Khalid Jan 02 '16 at 10:25
  • @muaaz sorry, I don't know the apache configuration apart from googling it myself. – kanaka Jan 12 '16 at 22:03
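
The rule from the two answers above (an HTTPS page may only open `wss://`, while an HTTP page may use either scheme), as an added example that is not part of the original answers. `resolveWebSocketUrl` and its `upgrade` option are hypothetical names; only the standard `URL` class is used.

```javascript
// Added example (not from the original answers). resolveWebSocketUrl is a
// hypothetical helper; URL is the standard WHATWG URL class (browsers, Node).

// Map every scheme we accept to the WebSocket scheme of equal security.
const WS_SCHEME = { "http:": "ws:", "https:": "wss:", "ws:": "ws:", "wss:": "wss:" };

/**
 * pageHref: URL of the page opening the socket (location.href in a browser).
 * endpoint: absolute ws/wss/http/https URL, or a path relative to the page.
 * upgrade:  if true, rewrite ws:// to wss:// on an HTTPS page instead of failing.
 * Returns a ws:// or wss:// URL string the page is allowed to connect to.
 */
function resolveWebSocketUrl(pageHref, endpoint, { upgrade = false } = {}) {
  const page = new URL(pageHref);
  const target = new URL(endpoint, page); // relative paths inherit the page origin
  let scheme = WS_SCHEME[target.protocol];
  if (!scheme) {
    throw new TypeError(`unsupported scheme for a WebSocket: ${target.protocol}`);
  }
  // An HTTPS page may only open wss://; ws:// would be a security downgrade.
  if (page.protocol === "https:" && scheme === "ws:") {
    if (!upgrade) {
      throw new Error(`HTTPS page cannot open insecure ${target.href}; use wss://`);
    }
    // Only useful if the server really speaks TLS on this host and port.
    scheme = "wss:";
  }
  return `${scheme}//${target.host}${target.pathname}${target.search}`;
}

// Browser usage:
//   const socket = new WebSocket(resolveWebSocketUrl(location.href, "/socket"));
```

Passing a path such as `/socket` lets the same page work unchanged whether it is served over HTTP or HTTPS, because the scheme follows the page.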
27

1 additional caveat (besides the answer by kanaka/peter): if you use WSS, and the server certificate is not acceptable to the browser, you may not get any browser rendered dialog (like it happens for Web pages). This is because WebSockets is treated as a so-called "subresource", and certificate accept / security exception / whatever dialogs are not rendered for subresources.

oberstet
3

To support the answer by @oberstet, if the cert is not trusted by the browser (for example you get a "this site is not secure, do you want to continue?"), one solution is to open the browser options, navigate to the certificates settings and add the host and port that the websocket server is being served from to the certificate provider as an exception.

For example, add 'example-wss-domain.org:6001' as an exception to 'Certificate Provider Ltd'.

In Firefox, this can be done from 'about:preferences' and searching for 'Certificates'.

Iggs_Grey