Clever Geek Handbook

How to make sure the websocket is secured

This may seem like an absurd question, and it probably is. I am using WebSocket-Node right now , but may switch to ws soon. Therefore, answers to both implementations are welcome.

I am opening a listener on port 8080 and waiting for a connection request. Immediately after accepting the request, I want to be sure the connection is secure (as in: use wss://

and reject idle ws://

).

Trivial code taken from the documentation:

wsServer.on('request', function(request) {

  // TODO: produce this single bit
  SSL_IS_ACTIVE = ?;

  if (!SSL_IS_ACTIVE) {
    request.reject(); // ws protocol used, I want wss!
    return;
  }

  // ... proceed to process the request (authentication and so on)
}

It sounds simplest, I haven't found any documentation about it.

Should I stick to SSL port (443) or can I choose any port, eG with:

wss://localhost:8080/test

Is there a way to test the protocol and enough, eG something like the lines:

request.protocol === "wss"
-or-
request.uri.indexOf("wss://") === 0

It looks like I am missing something because it is not possible. I am the only one who has this problem: D

Any help is appreciated for both implementations (WebSocket- Node and ws)!

+3


source to share


2 answers


I feel like an easy way to ensure that no unsafe requests will support unsecured requests while building your server. Seems to WebSocket.Node

support secure servers. I would guess that ws

too. I think there should be a way to bind to only wss

for both projects.

from WebSocket.Node

looks like you can create a TLS server using:



TLS is supported for server connections (use https.createServer http.createServer instead)

from the docs: https://github.com/theturtle32/WebSocket-Node

+1


source


From https://en.wikipedia.org/wiki/WebSocket

The WebSocket protocol specification defines two new URI schemes, ws: and wss:, for unencrypted and encrypted connections, respectively. In addition to the schema name and fragment (# not supported), the rest of the URI components are defined to use the generic URI syntax .



This way, you can specify ports in websocket URLs in the same way as you would for regular web links.

+1


source






More articles:


All Articles