You may notice that some websites (including Codecademy.com) use the
https:// protocol at the beginning of the URI while others use
http://. So what’s the difference?
https:// is the secure version of the
http:// protocol and is encrypting using the Transport Layer Security (TLS) protocol. Using an HTTPS server instead of a basic HTTP server safeguards your users from malicious attacks, such as a Man In The Middle Attack.
In the last exercise, we learned that during the WebSocket handshake a GET request is sent to the server using a
ws:// URI. Just like the
ws:// is an unencrypted protocol. So is there a more secure WebSocket protocol?
Yes! WebSocket connections can also use the TLS protocol to establish a more secure connection by using the
wss:// protocol (notice the extra
s). Connections using the
wss:// protocol function just like
ws:// ones, except that the initial handshake takes place over HTTPS instead of HTTP.
Take a look at the diagram. For all four protocols, a TCP connection is being used to establish a connection. However an extra TLS layer is added for protection for the