WebSocket Opening Handshake Messages

Q

How does the WebSocket Opening Handshake work?

✍: FYIcenter.com

A

WebSocket Opening Handshake starts with the client sends the opening handshake request as an HTTP request message in the following format:

GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13

What the client is saying here is that: "I am starting with the HTTP protocol first, but I would like to upgrade to WebSocket protocl. Please confirm."

The server needs return the opening handshake response as an HTTP response message in the following format:

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

What the client is saying here is that: "I agree that we can switch protocol to WebSocket. And I am ready."

An important piece of data in the client request is the "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" header line. It provides a handshake key to the server.

The server has to concatenate the key with "58EAFA5-E914-47DA-95CA-C5AB0DC85B11" as "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11". Then hash it with SHA-1 algorithm. The Base64 encodede hash value "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=" needs to be returned to the cliend in the "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=" header line.

To finish the opening handshake, the client has to verify the hash value received from the server to reduce risks of being attached.

 

WebSocket Echo Server at websocket.org

Handshake and Data Messages in WebSocket Protocol

Downloading and Reviewing WebSocket.jar

⇑⇑ FAQ for WebSocket API

2018-01-27, 1254🔥, 0💬