You may notice that some websites (including Codecademy.com) use the https:// protocol at the beginning of the URI while others use http://. So what’s the difference?
https:// is the secure version of the http:// protocol and is encrypting using the Transport Layer Security (TLS) protocol. Using an HTTPS server instead of a basic HTTP server safeguards your users from malicious attacks, such as a Man In The Middle Attack.
In the last exercise, we learned that during the WebSocket handshake a GET request is sent to the server using a ws:// URI. Just like the http:// protocol, ws:// is an unencrypted protocol. So is there a more secure WebSocket protocol?
Yes! WebSocket connections can also use the TLS protocol to establish a more secure connection by using the wss:// protocol (notice the extra s). Connections using the wss:// protocol function just like ws:// ones, except that the initial handshake takes place over HTTPS instead of HTTP.
Instructions
Take a look at the diagram. For all four protocols, a TCP connection is being used to establish a connection. However an extra TLS layer is added for protection for the https:// and wss:// protocols.