HTML and CSS Reference
There are some pleasant side effects of deploying TLS, as well. Encrypted WebSocket
traffic generally works more smoothly through proxies. Encryption prevents proxies from
inspecting traffic, so they generally just let the bytes through without attempting to buffer
or change the traffic flow. See Chapter 8 for more information about deploying encrypted
Just like WebSocket begins with an HTTP handshake before upgrading to WebSocket,
the WebSocket Secure (WSS) handshake begins with an HTTPS handshake. The HTTPS
and WSS protocols are very similar, with both running on top of TLS over TCP connections.
You configure TLS encryption for WebSocket wire traffic the same way you do for HTTP:
using certificates. With HTTPS, the client and server first establish a secure connection and
only then begins the HTTP protocol. Similarly, WSS establishes a secure connection, begins
the HTTP handshake, and then upgrades to the WebSocket wire protocol. The benefit of
this is that if you know how to configure HTTPS for encrypted communication, then you
also know how to configure WSS for encrypted WebSocket communication.
The cables at the top of the Figure 7-3 show how HTTPS is not a separate protocol,
rather the combination of HTTP running on a TLS connection. Commonly, HTTPS uses
a different port than HTTP (HTTPS's default port is 443 and HTTP's default port is 80).
HTTP runs directly on TCP and HTTPS runs on TLS, which, in turn, runs on TCP.
Figure 7-3. HTTP, HTTPS, WS, and WSS