diff --git a/lib/websocket-server.js b/lib/websocket-server.js
index 70513edf2..a288a32d9 100644
--- a/lib/websocket-server.js
+++ b/lib/websocket-server.js
@@ -161,11 +161,13 @@ class WebSocketServer extends EventEmitter {
   handleUpgrade (req, socket, head, cb) {
     socket.on('error', socketOnError);
 
+    const upgrade = req.headers.upgrade;
     const version = +req.headers['sec-websocket-version'];
     const extensions = {};
 
     if (
-      req.method !== 'GET' || req.headers.upgrade.toLowerCase() !== 'websocket' ||
+      req.method !== 'GET' || upgrade === undefined ||
+      upgrade.toLowerCase() !== 'websocket' ||
       !req.headers['sec-websocket-key'] || (version !== 8 && version !== 13) ||
       !this.shouldHandle(req)
     ) {
@@ -251,7 +253,7 @@ class WebSocketServer extends EventEmitter {
     var protocol = req.headers['sec-websocket-protocol'];
 
     if (protocol) {
-      protocol = protocol.trim().split(/ *, */);
+      protocol = protocol.split(',').map(trim);
 
       //
       // Optionally call external protocol selection handler.
@@ -355,3 +357,15 @@ function abortHandshake (socket, code, message, headers) {
   socket.removeListener('error', socketOnError);
   socket.destroy();
 }
+
+/**
+ * Remove whitespace characters from both ends of a string.
+ *
+ * @param {String} str The string
+ * @return {String} A new string representing `str` stripped of whitespace
+ *     characters from both its beginning and end
+ * @private
+ */
+function trim (str) {
+  return str.trim();
+}
diff --git a/package.json b/package.json
index df8629a82..befb96560 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ws",
-  "version": "5.2.2",
+  "version": "5.2.4",
   "description": "Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js",
   "keywords": [
     "HyBi",
diff --git a/test/websocket-server.test.js b/test/websocket-server.test.js
index 45d287978..832354cb7 100644
--- a/test/websocket-server.test.js
+++ b/test/websocket-server.test.js
@@ -364,6 +364,47 @@ describe('WebSocketServer', function () {
   });
 
   describe('Connection establishing', function () {
+    it('fails if the Upgrade header field value cannot be read', (done) => {
+      const server = http.createServer();
+      const wss = new WebSocket.Server({ noServer: true });
+
+      server.maxHeadersCount = 1;
+
+      server.on('upgrade', (req, socket, head) => {
+        assert.deepStrictEqual(req.headers, { foo: 'bar' });
+        wss.handleUpgrade(req, socket, head, () => {
+          done(new Error('Unexpected callback invocation'));
+        });
+      });
+
+      server.listen(() => {
+        const req = http.get({
+          port: server.address().port,
+          headers: {
+            foo: 'bar',
+            bar: 'baz',
+            Connection: 'Upgrade',
+            Upgrade: 'websocket'
+          }
+        });
+
+        req.on('response', (res) => {
+          assert.strictEqual(res.statusCode, 400);
+
+          const chunks = [];
+
+          res.on('data', (chunk) => {
+            chunks.push(chunk);
+          });
+
+          res.on('end', () => {
+            assert.strictEqual(Buffer.concat(chunks).toString(), 'Bad Request');
+            server.close(done);
+          });
+        });
+      });
+    });
+
     it('fails if the Sec-WebSocket-Key header is invalid', function (done) {
       const wss = new WebSocket.Server({ port: 0 }, () => {
         const req = http.get({