[openssl-users] HTTP / HTTPS on same port
Joris Van Remoortere
joris at mesosphere.io
Fri Apr 3 19:48:37 UTC 2015
I would like to ask your opinion and advice on accepting HTTP / HTTPS
connections on the same port.

I currently have a prototype that peeks at the first byte after accepting a
new connection, and dispatches to the appropriate routines based on whether
the first byte is 0x16 or not. This came from looking at the TLS handshake
and testing different libraries.

The motivation for this was to avoid the configuration nightmare of
introducing a second port, both in our code, and for administrators
(firewall rules, etc.).

1) Is it valid to assume that the 1st byte of the handshake protocol is a
valid way to disambiguate the traffic?
2) Are there any corner cases I might be missing?
3) Are there any security reasons for not doing this?

Thanks for your advice,
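
The first-byte dispatch described in the message above, sketched in C as an added example; it is not the poster's prototype. It goes one step beyond the message by also requiring the TLS version major byte 0x03 after 0x16 and by handling a peek that returns fewer bytes than needed. All function and enum names are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum proto { PROTO_CLOSED, PROTO_NEED_MORE, PROTO_TLS, PROTO_PLAINTEXT }; /* hypothetical names */
/* A TLS record starts with ContentType 0x16 (handshake), then a version whose
 * major byte is 0x03. Everything else is left to the HTTP parser to judge. */
enum proto classify_prefix(const unsigned char *buf, size_t len)
{
    if (len == 0) return PROTO_NEED_MORE;
    if (buf[0] != 0x16) return PROTO_PLAINTEXT;   /* e.g. 'G' of "GET" */
    if (len < 2) return PROTO_NEED_MORE;          /* version byte not here yet */
    return buf[1] == 0x03 ? PROTO_TLS : PROTO_PLAINTEXT;
}

/* MSG_PEEK leaves the bytes queued for whichever handler takes over the fd. */
enum proto peek_protocol(int fd)
{
    unsigned char buf[2];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0) return PROTO_CLOSED;  /* EOF or error; non-blocking callers retry on EAGAIN */
    return classify_prefix(buf, (size_t)n);
}

/* Demo: send constructed bytes over a socketpair, classify the receiving
 * end, then count what is still readable to show nothing was consumed. */
enum proto demo_classify(const unsigned char *data, size_t n, size_t *left)
{
    int sv[2];
    unsigned char tmp[16];
    enum proto p = PROTO_CLOSED;
    *left = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return p;
    if (n == 0 || write(sv[0], data, n) == (ssize_t)n) {
        shutdown(sv[0], SHUT_WR);     /* sender done: a peek on an empty queue sees EOF */
        p = peek_protocol(sv[1]);
        ssize_t r = recv(sv[1], tmp, sizeof tmp, 0);
        if (r > 0) *left = (size_t)r;
    }
    close(sv[0]); close(sv[1]);
    return p;
}

int main(void)
{
    const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2e }; /* constructed record header */
    size_t left;
    printf("class=%d\n", (int)demo_classify(hello, sizeof hello, &left));
}
```

A caller that gets `PROTO_NEED_MORE` should wait for more data, with a timeout, before dispatching.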