proto_wss Module

Table of Contents

1. Admin Guide
1.1. Overview
1.2. Dependencies
1.2.1. OpenSIPS Modules
1.2.2. Dependencies of external libraries
1.3. Exported Parameters
1.3.1. listen=interface
1.3.2. wss_port (integer)
1.3.3. wss_max_msg_chunks (integer)
1.3.4. wss_resource (string)
1.3.5. wss_handshake_timeout (integer)
2. Frequently Asked Questions
3. Contributors
3.1. By Commit Statistics
3.2. By Commit Activity
4. Documentation
4.1. Contributors

List of Tables

3.1. Top contributors by DevScore(1), authored commits(2) and lines added/removed(3)
3.2. Most recently active contributors(1) to this module

List of Examples

1.1. Set listen variable
1.2. Set wss_port variable
1.3. Set wss_max_msg_chunks parameter
1.4. Set wss_resource parameter
1.5. Set wss_handshake_timeout parameter

Chapter1.Admin Guide


The WSS (Secure WebSocket) module provides the ability to communicate with a WebSocket (RFC 6455) client or server over a secure (TLS encrypted) channel. As part of the WebRTC specifications, this protocol can be used to provide secure VoIP calls to HTTPS enabled browsers.

This module behaves as any other transport protocol module: in order to use it, you must define one or more listeners that will handle the secure WebSocket traffic, after the mpath parameter:

listen=wss:			# change with the listening IP
listen=wss:	# change with the listening IP and port

Besides that, you need to define the TLS parameters for securing the connection. This is done through the tls_mgm module interface, similar to the proto_tls module:

modparam("tls_mgm", "certificate", "/certs/")
modparam("tls_mgm", "private_key", "/certs/")
modparam("tls_mgm", "ca_list", "/certs/wellknownCAs")
modparam("tls_mgm", "tls_method", "tlsv1")
modparam("tls_mgm", "verify_cert", "1")
modparam("tls_mgm", "require_cert", "1")

Check the tls_mgm module documentation for more info.


1.2.1.OpenSIPS Modules

The following modules must be loaded before this module:

  • tls_mgm.

1.2.2.Dependencies of external libraries

OpenSIPS TLS v1.0 support requires the following packages:

  • openssl or libssl >= 0.9.6

  • openssl-dev or libssl-dev

OpenSIPS TLS v1.1/1.2 support requires the following packages:

  • openssl or libssl >= 1.0.1e

  • openssl-dev or libssl-dev

1.3.Exported Parameters

All these parameters can be used from the opensips.cfg file, to configure the behavior of OpenSIPS-WSS.


This is a global parameter that specifies what interface/IP and port should handle WSS traffic.

Example1.1.Set listen variable

listen = wss:

1.3.2.wss_port (integer)

The default port to be used for all WSS related operation. Be careful as the default port impacts both the SIP listening part (if no port is defined in the WSS listeners) and the SIP sending part (if the destination WSS URI has no explicit port).

If you want to change only the listening port for WSS, use the port option in the SIP listener defintion.

Default value is 443.

Example1.2.Set wss_port variable

modparam("proto_wss", "wss_port", 44344)

1.3.3.wss_max_msg_chunks (integer)

The maximum number of chunks in which a SIP message is expected to arrive via WSS. If a received packet is more fragmented than this, the connection is dropped (either the connection is very overloaded and this leads to high fragmentation - or we are the victim of an ongoing attack where the attacker is sending very fragmented traffic in order to decrease server performance).

Default value is 4.

Example1.3.Set wss_max_msg_chunks parameter

modparam("proto_wss", "wss_max_msg_chunks", 8)

1.3.4.wss_resource (string)

The resource queried for when a WebSocket handshake is initiated.

Default value is /.

Example1.4.Set wss_resource parameter

modparam("proto_wss", "wss_resource", "/wss")

1.3.5.wss_handshake_timeout (integer)

This parameter specifies the time in milliseconds the proto_wss module waits for a WebSocket handshake reply from a WebSocket server.

Default value is 100.

Example1.5.Set wss_handshake_timeout parameter

modparam("proto_wss", "wss_handshake_timeout", 300)

Chapter2.Frequently Asked Questions


Does OpenSIPS support fragmented Secure WebSocket messages?

No, the WebSocket fragmentation mechanism is not supported.


3.1.By Commit Statistics

Table3.1.Top contributors by DevScore(1), authored commits(2) and lines added/removed(3)

NameDevScoreCommitsLines ++Lines --
1. Razvan Crainea (@razvancrainea)15869633
2. Bogdan-Andrei Iancu (@bogdan-iancu)741614
3. Liviu Chircu (@liviuchircu)531227
4. Maksym Sobolyev (@sobomax)2110

(1) DevScore = author_commits + author_lines_added / (project_lines_added / project_commits) + author_lines_deleted / (project_lines_deleted / project_commits)

(2) including any documentation-related commits, excluding merge commits. Regarding imported patches/code, we do our best to count the work on behalf of the proper owner, as per the "fix_authors" and "mod_renames" arrays in opensips/doc/ If you identify any patches/commits which do not get properly attributed to you, please submit a pull request which extends "fix_authors" and/or "mod_renames".

(3) ignoring whitespace edits, renamed files and auto-generated files

3.2.By Commit Activity

Table3.2.Most recently active contributors(1) to this module

NameCommit Activity
1. Bogdan-Andrei Iancu (@bogdan-iancu)Jan 2016 - Jun 2018
2. Liviu Chircu (@liviuchircu)Mar 2016 - Jun 2018
3. Razvan Crainea (@razvancrainea)Jan 2016 - Sep 2017
4. Maksym Sobolyev (@sobomax)Feb 2017 - Feb 2017

(1) including any documentation-related commits, excluding merge commits



Last edited by: Bogdan-Andrei Iancu (@bogdan-iancu), Liviu Chircu (@liviuchircu), Razvan Crainea (@razvancrainea).

doc copyrights:

Copyright 2015