I plan to write an secure websocket server in golang. My question is:
Is TLS used throughout the entire connection when using wss://
, or is it just used when upgrade from http(s) to websocket protocol?
The reason I ask is that as I understand the websocket protocol has nothing to do with http except that the connection is initiated via http(s).
So, if I use ListenAndServeTLS
in my Go program, can I ensure that the entire websocket conversation is secure?