You may notice that some websites (including Codecademy.com) use the https://
protocol at the beginning of the URI while others use http://
. So what’s the difference?
https://
is the secure version of the http://
protocol and is encrypting using the Transport Layer Security (TLS) protocol. Using an HTTPS server instead of a basic HTTP server safeguards your users from malicious attacks, such as a Man In The Middle Attack.
In the last exercise, we learned that during the WebSocket handshake a GET request is sent to the server using a ws://
URI. Just like the http://
protocol, ws://
is an unencrypted protocol. So is there a more secure WebSocket protocol?
Yes! WebSocket connections can also use the TLS protocol to establish a more secure connection by using the wss://
protocol (notice the extra s
). Connections using the wss://
protocol function just like ws://
ones, except that the initial handshake takes place over HTTPS instead of HTTP.
Instructions
Take a look at the diagram. For all four protocols, a TCP connection is being used to establish a connection. However an extra TLS layer is added for protection for the https://
and wss://
protocols.