TLS/SSL is enabled on the production gateway at wss://gateway.icws.io. More in general, the IC WebSocket Gateway supports adding a TLS certificate.
If you self-host the gateway, you can use the --tls-certificate-pem-path and --tls-certificate-key-pem-path flags to configure the gateway to use your TLS certificate. Refer to the Arguments available section of the README for more details.
At the moment, the gateway is relaying the messages to the canister, mostly in a fire-and-forget way. We chose to do so in order to keep it simple and fast, and to keep the protocol as close as possible to the native WebSocket’s one.
Are you experiencing some issues with the current implementation?
I invite you to take a look at the following thread, which is the most updated and contains the changelogs of the releases that we have done in the past months: