本文介绍了HTTP 上的 WS 与 HTTPS 上的 WSS的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我了解到 WS 仅适用于 HTTP,而 WSS 可用于 HTTP 和 HTTPS.WSS(安全 Web 套接字)连接在 HTTP 服务器上与在 HTTPS 服务器上一样安全吗?如果网站/服务器不是,Web Socket Secure (WSS) 连接是否仍然通过 TLS/SSL 加密?

I've read that WS only works on HTTP, and that WSS works on both HTTP and HTTPS. Are WSS (Secure Web Socket) connections just as secure on an HTTP server as they are on an HTTPS server? Is a Web Socket Secure (WSS) connection still encrypted through TLS/SSL if the website/server is not?

推荐答案

是的.

wss(安全 Web 套接字)连接在 http 服务器上与在 https 服务器上一样安全吗?

是的(见上文).有一点需要注意:如果打开安全 WebSocket 连接的 HTML/JavaScript 来自非安全 HTTP,则 WebSocket 连接仍然是安全的,但是攻击者可能会在从 Web 服务器发送到浏览器的同时修改 HTML/JavaScript.HTTP 连接不受中间人嗅探或修改保护.

Yes (see above). There is one thing to note: if the HTML/JavaScript that opens the secure WebSocket connection comes over non-secure HTTP, the WebSocket connection is still secure, but an attacker might modify the HTML/JavaScript while being sent from the Web server to browser. A HTTP connection isn't protected against man-in-the-middle sniffing or modification.

这篇关于HTTP 上的 WS 与 HTTPS 上的 WSS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-09 14:38