Security
========

Encryption
----------

For production use, a server should require encrypted connections.

See this example of :ref:`encrypting connections with TLS
<secure-server-example>`.

Memory use
----------

.. warning::

    An attacker who can open an arbitrary number of connections will be able
    to perform a denial of service by memory exhaustion. If you're concerned
    by denial of service attacks, you must reject suspicious connections
    before they reach ``websockets``, typically in a reverse proxy.

With the default settings, opening a connection uses 325 KiB of memory.

Sending some highly compressed messages could use up to 128 MiB of memory
with an amplification factor of 1000 between network traffic and memory use.

Configuring a server to :ref:`optimize memory usage <memory-usage>` will
improve security in addition to improving performance.

Other limits
------------

``websockets`` implements additional limits on the amount of data it accepts
in order to minimize exposure to security vulnerabilities.

In the opening handshake, ``websockets`` limits the number of HTTP headers to
256 and the size of an individual header to 4096 bytes. These limits are 10 to
20 times larger than what's expected in standard use cases. They're hard-coded.
If you need to change them, monkey-patch the constants in ``websockets.http``.
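As an illustration of the amplification figure in the Memory use section, the following added example (written for this page, not part of ``websockets``' own code) compresses a constructed 1 MiB message with raw DEFLATE, the algorithm behind the permessage-deflate extension, measures the ratio between wire bytes and decompressed bytes, and shows a bounded decompressor that stops allocating as soon as a per-message cap is exceeded. The cap plays the role of a per-message size limit such as the ``max_size`` argument of ``websockets``; the function names, the ``MAX_SIZE`` value and the sample payload are assumptions made for this example.

```python
import zlib

# Per-message cap on decompressed size, the role the ``max_size`` argument of
# websockets plays (1 MiB is its default). The value is chosen for this example.
MAX_SIZE = 1024 * 1024

# Constructed sample payload: 1 MiB of identical bytes, which is about as
# compressible as a message can get.
HIGHLY_COMPRESSIBLE = b"\x00" * (1024 * 1024)


def compress_deflate(payload: bytes) -> bytes:
    """Compress with raw DEFLATE (negative wbits: no zlib header or checksum),
    the format the permessage-deflate extension puts on the wire."""
    compressor = zlib.compressobj(wbits=-15)
    return compressor.compress(payload) + compressor.flush()


def amplification_factor(payload: bytes) -> float:
    """Decompressed bytes produced per compressed byte received."""
    return len(payload) / len(compress_deflate(payload))


def inflate_bounded(data: bytes, max_size: int = MAX_SIZE) -> bytes:
    """Decompress ``data`` without ever producing more than ``max_size + 1``
    output bytes.

    ``max_length`` makes zlib stop once that many bytes have been produced, so
    an oversized message is detected after one byte past the cap instead of
    after the whole payload has been materialised in memory.
    """
    decompressor = zlib.decompressobj(wbits=-15)
    out = decompressor.decompress(data, max_size + 1)
    if len(out) > max_size:
        raise ValueError(f"message exceeds max_size={max_size}")
    return out


def accepts(data: bytes, max_size: int = MAX_SIZE) -> bool:
    """True if the compressed message fits under the cap once inflated."""
    try:
        inflate_bounded(data, max_size)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    wire = compress_deflate(HIGHLY_COMPRESSIBLE)
    print(f"{len(HIGHLY_COMPRESSIBLE)} bytes -> {len(wire)} bytes on the wire, "
          f"amplification x{amplification_factor(HIGHLY_COMPRESSIBLE):.0f}")
    print("accepted at 1 MiB cap:", accepts(wire, MAX_SIZE))
    print("accepted at 512 KiB cap:", accepts(wire, MAX_SIZE // 2))
```

The bounded decompressor only limits the memory spent on one message; it does nothing about the number of connections, which is why the warning above points at a reverse proxy for that part of the problem.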
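The header limits described under Other limits can be enforced while the handshake is being read rather than after it has been buffered. The following added example is a stand-alone re-implementation written for this page, not the parser inside ``websockets``: it reads the request line and headers of an upgrade request with the same two figures, 256 headers and 4096 bytes per line, and rejects a handshake that exceeds either. The class and function names, the constant names and the sample request are assumptions made for this example.

```python
from __future__ import annotations

import io

# Same figures as the limits described on this page; these are this example's
# own constants, not the ones inside ``websockets.http``.
MAX_HEADERS = 256
MAX_LINE = 4096


class HandshakeLimitError(ValueError):
    """Raised when an opening handshake exceeds a size limit."""


def read_line(stream: io.BytesIO, max_line: int) -> bytes:
    """Read one CRLF-terminated line of at most ``max_line`` bytes.

    ``readline`` is asked for at most ``max_line + 2`` bytes (the 2 is the
    CRLF), so an over-long line is rejected after reading that many bytes
    rather than being buffered in full first.
    """
    line = stream.readline(max_line + 2)
    if not line.endswith(b"\r\n"):
        raise HandshakeLimitError(f"line longer than {max_line} bytes or unterminated")
    return line[:-2]


def parse_handshake(raw: bytes, max_headers: int = MAX_HEADERS,
                    max_line: int = MAX_LINE) -> tuple[str, dict[str, str]]:
    """Parse the request line and headers of an HTTP/1.1 upgrade request,
    enforcing the header-count and line-length limits while reading.

    Header names are lower-cased; a repeated name keeps its last value, which
    is enough for this demonstration.
    """
    stream = io.BytesIO(raw)
    request_line = read_line(stream, max_line).decode("ascii")
    headers: dict[str, str] = {}
    # One extra iteration for the blank line that ends the header block.
    for _ in range(max_headers + 1):
        line = read_line(stream, max_line)
        if line == b"":
            return request_line, headers
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise HandshakeLimitError("malformed header line")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("ascii")
    raise HandshakeLimitError(f"more than {max_headers} headers")


def within_limits(raw: bytes) -> bool:
    """True if the handshake parses without hitting a limit."""
    try:
        parse_handshake(raw)
    except HandshakeLimitError:
        return False
    return True


def request_with_n_headers(n: int) -> bytes:
    """Build a constructed upgrade request carrying ``n`` short headers."""
    body = b"".join(b"X-Header-%d: v\r\n" % i for i in range(n))
    return b"GET /chat HTTP/1.1\r\n" + body + b"\r\n"


# Constructed sample handshake (the key is the example value from RFC 6455).
SAMPLE_REQUEST = (
    b"GET /chat HTTP/1.1\r\n"
    b"Host: server.example.com\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    b"Sec-WebSocket-Version: 13\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(parse_handshake(SAMPLE_REQUEST))
    print("256 headers:", within_limits(request_with_n_headers(256)))
    print("257 headers:", within_limits(request_with_n_headers(257)))
    print("4097-byte header:",
          within_limits(b"GET / HTTP/1.1\r\nX: " + b"a" * 4094 + b"\r\n\r\n"))
```

Reading with a bounded ``readline`` is the point of the example: the memory spent on a rejected handshake is capped by the limits themselves, not by how much the peer chooses to send.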