Is there a summary anywhere of the protocol difference between the various WebSockets drafts?
The browser support levels are still all over the place, so it is not sufficient just to consider the RFC.
Obviously the Sec-WebSocket-Version changes, and I know the early format was pretty radically different. However, I mean the more subtle changes in the protocol. For example, hybi-10 (v8), in framing, suggests the extended payload length is stored as 16/63, rather than 16/64 in RFC 6455 (v13).
So: is there a summary of changes anywhere?
Alternatively (if we ignore the very early drafts, and the version numbers), is it the case that the protocol is essentially the same, and that the drafts are mainly corrections to the specification text?
The WebSocket protocol is an independent TCP-based protocol. Its only relationship to HTTP is that its handshake is interpreted by HTTP servers as an Upgrade request. By default the WebSocket protocol uses port 80 for regular WebSocket connections and port 443 for WebSocket connections tunneled over TLS [RFC2818].
The wss protocol establishes a WebSocket over an encrypted TLS connection, while the ws protocol uses an unencrypted connection. At this point, the network connection remains open and can be used to send WebSocket messages in either direction.
Unlike HTTP, where you have to constantly request updates, with websockets, updates are sent immediately when they are available. WebSockets keeps a single, persistent connection open while eliminating latency problems that arise with HTTP request/response-based methods.
wss is secure only because it means "WebSocket protocol over https". WebSocket protocol itself is not secure. There is no Secure WebSocket protocol, but there are just "WebSocket protocol over http" and "WebSocket protocol over https". See also this answer.
The Wikipedia WebSocket lists which browsers support which protocol.
Also, the IETF provides an diff tool that can be used to compare any two RFC draft specifications. For example, to compare WebSocket draft 15 and 17 go here:
Adjust the url1 and url2 addresses to get a diff for arbitrary versions. Note that this will shows you textual differences to the spec and large changes to the spec often happen without corresponding differences on the wire. I suggest searching the diffs for the "Protocol Overview" section and the "Base Framing Protocol" section which show the header summary and the framing diagram respectively.
The biggest difference in the wire protocol occured between Hixie-76/HyBi-00 (HyBi-00 was just a copy of Hixie-76 for starting the new series) and the rest of the HyBi series starting with HyBi-04 (HyBi-17 became IETF RFC 6455). Some of the major changes from the Hixie series to the HyBi series:
To add a specific change; in Sec-WebSocketVersion <= 8, the origin is in Sec-WebSocket-Origin; however, in 13 this changes to the Origin header. This changes specifically between hybi-10 and hybi-11, which are both version "8" implementations. Also note that it is Origin in hixie-76/hybi-00, so it looks like it went from Origin to Sec-WebSocket-Origin and then back to Origin.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With