WebSocket Opening Handshake Messages

Q

How does the WebSocket Opening Handshake work?

✍: FYIcenter.com

A

The WebSocket Opening Handshake starts when the client sends the opening handshake request as an HTTP request message in the following format:

GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13

What the client is saying here is that: "I am starting with the HTTP protocol first, but I would like to upgrade to the WebSocket protocol. Please confirm."

The server needs to return the opening handshake response as an HTTP response message in the following format:

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=

What the server is saying here is that: "I agree that we can switch protocol to WebSocket. And I am ready."

An important piece of data in the client request is the "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" header line. It provides a handshake key to the server.

The server has to concatenate the key with "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" to get "dGhlIHNhbXBsZSBub25jZQ==258EAFA5-E914-47DA-95CA-C5AB0DC85B11". It then hashes the result with the SHA-1 algorithm. The Base64-encoded hash value "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=" needs to be returned to the client in the "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=" header line.

To finish the opening handshake, the client has to verify the hash value received from the server to reduce the risk of being attacked.

 


2018-01-27
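The server-side computation and the client-side verification described in the answer above, as an added Python example that is not part of the original FAQ. The function names are assumptions chosen for illustration; the sample key and response are the ones shown on the page.

```python
import base64
import hashlib
import hmac

# Fixed GUID from RFC 6455; the page concatenates the client key with it.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def compute_accept(sec_websocket_key: str) -> str:
    """Server side: Base64(SHA-1(key + GUID))."""
    data = (sec_websocket_key.strip() + WS_GUID).encode("ascii")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def parse_response(raw: str):
    """Return (status_code, headers) with header names lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def verify_handshake(sent_key: str, raw_response: str) -> bool:
    """Client side: accept the upgrade only if every check passes."""
    try:
        status, headers = parse_response(raw_response)
    except (IndexError, ValueError):
        return False
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    accept = headers.get("sec-websocket-accept", "")
    return (
        status == 101
        and headers.get("upgrade", "").lower() == "websocket"
        and "upgrade" in tokens
        and hmac.compare_digest(accept.encode(), compute_accept(sent_key).encode())
    )


# Constructed sample: the key and response shown on the page.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_RESPONSE = (
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n"
)
```

A client that gets `False` from `verify_handshake` should close the connection instead of treating it as a WebSocket, since the response did not come from an endpoint that processed this particular handshake request.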