[openssl-users] HTTP / HTTPS on same port

Joris Van Remoortere joris at mesosphere.io
Fri Apr 3 19:48:37 UTC 2015


Hello,

I would like to ask your opinion and advice on accepting HTTP / HTTPS
connections on the same port.

I currently have a prototype that peeks at the first byte after accepting a
new connection, and dispatches to the appropriate routines based on whether
the first byte is 0x16 or not. This came from looking at the TLS handshake
protocol (
http://en.wikipedia.org/wiki/Transport_Layer_Security#Handshake_protocol)
and testing different libraries.

The motivation for this was to avoid the configuration nightmare of
introducing a second port, both in our code, and for administrators
(firewall rules, etc.).

1) Is it valid to assume that the 1st byte of the handshake protocol is a
valid way to disambiguate the traffic?
2) Are there any corner cases I might be missing?
3) Are there any security reasons for not doing this?

Thanks for your advice,

Joris
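
The first-byte dispatch described in this message, sketched in C as an added example (not code from the original post or from OpenSSL). It goes one step beyond the single-byte check by also requiring the record's major version byte 0x03; the enum and function names are hypothetical, and the socketpair in main() is a constructed stand-in for an accepted connection.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum proto { PROTO_TLS, PROTO_OTHER, PROTO_NEED_MORE, PROTO_CLOSED, PROTO_ERROR };

/* Classify the bytes seen so far. 0x16 is the TLS record type "handshake";
 * SSL 3.0 and every TLS 1.x version put major version 0x03 in the next byte. */
enum proto classify_prefix(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return PROTO_NEED_MORE;
    if (buf[0] != 0x16)
        return PROTO_OTHER;          /* hand to the plaintext HTTP parser */
    if (len < 2)
        return PROTO_NEED_MORE;      /* only one byte has arrived so far */
    return buf[1] == 0x03 ? PROTO_TLS : PROTO_OTHER;
}

/* Look at the first bytes of an accepted socket without consuming them, so
 * the TLS library or HTTP parser chosen afterwards still reads the full stream. */
enum proto peek_proto(int fd)
{
    unsigned char buf[2];
    ssize_t n;
    do {
        n = recv(fd, buf, sizeof buf, MSG_PEEK);
    } while (n < 0 && errno == EINTR);
    if (n == 0)
        return PROTO_CLOSED;         /* peer closed before sending anything */
    if (n < 0)
        return (errno == EAGAIN || errno == EWOULDBLOCK) ? PROTO_NEED_MORE
                                                         : PROTO_ERROR;
    return classify_prefix(buf, (size_t)n);
}

int main(void)
{
    int sv[2];   /* constructed local connection standing in for accept() */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 ||
        send(sv[0], "\x16\x03\x01", 3, 0) != 3)     /* start of a TLS record */
        return 2;
    printf("%s\n", peek_proto(sv[1]) == PROTO_TLS ? "TLS" : "not TLS");
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

A caller should bound how long it retries on PROTO_NEED_MORE, since a client that sends one byte and then stalls otherwise keeps the connection undecided. SSLv2-format ClientHello messages do not begin with 0x16, so they fall into PROTO_OTHER here.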