Notice of upcoming changes: websockets and secure connections

Hey everyone,

I wanted to give you all a heads up that we’ll be making some changes in the coming weeks with how users will connect to our chat servers.

  1. We’ll be ditching our flash-based web client in favor of a websockets implementation.
  2. We’ll be adding ports to our servers which will require TLS connections (for both websockets and IRC clients).

We will provide legacy flash support for browsers which don’t support websockets, which means we will also, in the short term, provide plaintext IRC ports for clients to connect to. However, we’ll be strongly encouraging all IRC clients and bots use the new secure IRC port 6697 when it becomes available. During this process we’ll likely be announcing new IP addresses and retiring old ones as well.

We’ll provide more details as these changes come closer to fruition.




Howdy, if websockets are being implemented does that mean a realtime stream will be available to devs for chat?

Does that mean that regular IRC connections remain available, but in the long-run only IRC connections via TLS?

1 Like

Yes, it is likely that at some point in the future we won’t support insecure connections at all.

If you’re going to require secure connections for TMI, then make sure to publish your SSL fingerprint(s). Otherwise, connections are still vulnerable to MITM and just introduce more overhead on both sides.

Although in general, i’m with q on this one

We have no intention on making our public fingerprint private. And though I can’t go into much detail, the quakenet article makes several assumptions (some stated, some implicit) that don’t hold in our case.

Heads up, you’ll notice some new fields in our chat_properties endpoint which we plan on starting to use tomorrow :slight_smile: You can expect the addresses in these lists to be changing some over the next few weeks.

YES! <3 <3 <3 <3 <3 <3 <3 I don’t think I could have waited any longer.

Does this mean we can look forward to not needing Flash to use Twitch in the future?

Is TLS for IRC bots ready?

Will bots be required to poll for a channel’s available server IPs before connecting?
This will be my first attempt at making a TLS connection, is there any Twitch specific documentation that helps with this process?

Not yet (at least not announced yet)

If you are building an application around chat then it would be recommended to pull for an available server so you don’t have to worry about manual changes. As it stands now, server changes do not happen very often.

Did you guys recently enable and disable the HTML5 chat functionality? I swear I used it on Safari without Flash, but it’s asking for Flash again for the last few days.

There are some chat servers on flash and some not.

So would see you just got pushed to a flash one today


Sorry if I am being dumb, but what is the point in SSL connections for IRC when all chat rooms are public anyway?

Would SSL not slow everything down?

Well, for one without SSL you also send the oauth token to log into chat unencrypted, which at least has chat access but possibly also other scopes associated with it. It could of course be revoked if someone unauthorized would get hold of it, but some damage could already be done.

1 Like

SSL generally will only slow down the initial connection. Post that it’s negligible

is a version of chat website that uses web sockets now ready for testing? if so what is the url? I’m trying to embed the chat page into a my application using chrome embedded framework but it doesn’t like the flash sockets.

There is or should be a web_sockets server listed in the chat_properties response