This is a PSA about a small tweak to an existing feature. The change is to include the TLS ALPN extension when initiating a new connection for wss-schemed WebSockets, offering just the default "http/1.1" protocol. Currently, unlike HTTPS connections, such connections do not offer ALPN at all. Changing this aligns with Firefox and Safari, hardens against cross-protocol attacks (see ALPACA), and makes wss eligible for the False Start optimization. It also simplifies work on the HTTPS DNS record.


HTTP/1.1 is already default, so this change does not affect the actual negotiated protocol. However, sending ALPN hardens against cross-protocol attacks (e.g. the ALPACA attack), aligns with Firefox and Safari, and makes WebSocket TLS 1.2 connections eligible for the TLS False Start optimization, which we current gate on ALPN. Finally, the ongoing HTTPS/SVCB DNS record work relies on passing ALPN preferences further down the net stack.


Specification link

Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium


Enabled by default

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • Shipped/Shipping
  • No signals


Last updated on 2022-04-28