SSL Everywhere!

January 27, 2015

Secured connections and privacy are a must, particularly if you handle sensitive or confidential customer data.

What’s more, a secured connection improves the reliability of persistent connections with proxies and firewalls, and can in some situations result in speed improvements.

So, we’ve made SSL available everywhere. It’s now available on all plans, including Bootstrap and the free Sandbox plan. This also means that no matter the plan you’re on you get the same level of functionality from Pusher. Si Señor!

I’ve used Pusher with SSL for years. What’s the difference?

True. From the very beginning we’ve offered SSL access to the WebSocket API using WSS and HTTPS has been available on our HTTP endpoints. In fact, over 70% of client connections (WebSocket and HTTP fallback) use SSL protocol. The difference is that we’re now moving towards making SSL the default for our libraries so that everybody automatically gets the benefits.

Also, all of our assets are now served over HTTPS for your added security. The website and blog have just been moved to HTTPS to catch up with the application dashboard, JavaScript library CDN, support site and status page which have long been on HTTPS.

That’s great! Will prices change?

Nope.

We’ll keep things sweet and simple: SSL will be included by default on all plans at no extra cost – including the free Sandbox plan.

How do I take advantage of SSL with Pusher?

The Android (Java) and iOS (ObjectiveC) libraries have already been updated to do this. But, for the moment you’ll need to configure some of the other Pusher libraries to use SSL.

For example, the Pusher JavaScript WebSocket library:

<script src="//js.pusher.com/2.2/pusher.min.js"></script>
<script>
  var pusher = new Pusher( 'APP_KEY', { encrypted: true } );
</script>

And the HTTP API libraries. A few examples include:

Ruby

gem 'pusher'

Pusher.app_id = 'APP_ID'
Pusher.key = 'APP_KEY'
Pusher.secret = 'APP_SECRET'

Pusher.encrypted = true

This example uses the pusher-http-ruby library

PHP

require 'vendor/autoload.php';

$pusher = new Pusher( 'APP_KEY', 'APP_SECRET', 'APP_ID',
                      array( 'encrypted' => true ) );

This example uses the Pusher HTTP PHP library

Python

from pusher import Config, Pusher

config=Config(app_id=u'4', key=u'key', secret=u'secret', ssl=True)
pusher = Pusher(config)

This example uses the Pusher HTTP Python library

Node

var Pusher = require( 'pusher' );

var config = { appId: 'APP_ID', key: 'APP_KEY', secret: 'APP_SECRET',
               encrypted: true };
var pusher = new Pusher( config );

This example uses the Pusher HTTP Node library

If the library you use is not listed above then you should be able to find it via the libraries page. From there each library README should list how to use SSL. If it doesn’t then please either raise an issue against the repo or get in touch.

About Phil Leggetter

Phil Leggetter is a head of developer evangelism at Pusher. He's been building and using realtime web technologies since 2001 and is excited about the use cases and the potential for the technology as ever.