[openssl-users] HTTP / HTTPS on same port
Joris Van Remoortere
joris at mesosphere.io
Fri Apr 3 19:48:37 UTC 2015
Hello,

I would like to ask your opinion and advice on accepting HTTP / HTTPS
connections on the same port.

I currently have a prototype that peeks at the first byte after accepting a
new connection, and dispatches to the appropriate routines based on whether
the first byte is 0x16 or not. This came from looking at the TLS handshake
protocol
(http://en.wikipedia.org/wiki/Transport_Layer_Security#Handshake_protocol)
and testing different libraries.

The motivation for this was to avoid the configuration nightmare of
introducing a second port, both in our code, and for administrators
(firewall rules, etc.).

1) Is it valid to assume that the 1st byte of the handshake protocol is a
valid way to disambiguate the traffic?
2) Are there any corner cases I might be missing?
3) Are there any security reasons for not doing this?

Thanks for your advice,
Joris
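
The peek-and-dispatch described in the message above, as an added C example that is not part of the original post or the poster's prototype. It goes beyond the single-byte test: it also checks the record version major byte, recognises the SSLv2-format ClientHello that older clients can send, and reports when too few bytes have arrived to decide. All function and enum names are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

enum proto { PROTO_ERROR, PROTO_NEED_MORE, PROTO_TLS, PROTO_SSL2_HELLO, PROTO_PLAIN };

/* Classify the first bytes of a stream. TLS record header: type(1),
 * version(2), length(2); a handshake record is type 0x16, major 0x03.
 * PROTO_PLAIN means "not TLS": hand it to the HTTP parser, which must
 * still reject anything that is not a valid request. */
enum proto classify_prefix(const unsigned char *b, size_t n)
{
    if (n == 0) return PROTO_NEED_MORE;
    if (b[0] == 0x16)                      /* TLS handshake record */
        return n < 2 ? PROTO_NEED_MORE : (b[1] == 0x03 ? PROTO_TLS : PROTO_PLAIN);
    if (b[0] & 0x80)                       /* SSLv2-format 2-byte length header */
        return n < 3 ? PROTO_NEED_MORE : (b[2] == 0x01 ? PROTO_SSL2_HELLO : PROTO_PLAIN);
    return PROTO_PLAIN;                    /* e.g. "GET ", "POST" */
}

/* Peek without consuming, so the TLS library or HTTP parser that takes
 * over the socket still sees the full stream. */
enum proto classify_fd(int fd)
{
    unsigned char buf[3];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0) return PROTO_ERROR;        /* peer closed or recv failed */
    return classify_prefix(buf, (size_t)n);
}

/* Constructed harness: push sample bytes through a local socketpair. */
enum proto classify_sample(const unsigned char *data, size_t len)
{
    int sv[2];
    enum proto p = PROTO_ERROR;
    if (len == 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return p;
    if (write(sv[0], data, len) == (ssize_t)len) p = classify_fd(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return p;
}

int main(void)
{
    const unsigned char tls[]  = { 0x16, 0x03, 0x01, 0x00, 0x2f };  /* constructed */
    const unsigned char http[] = "GET / HTTP/1.1\r\n";                /* constructed */
    printf("tls=%d http=%d short=%d\n", classify_sample(tls, sizeof tls),
           classify_sample(http, sizeof http - 1), classify_sample(tls, 1));
    return 0;
}
```

A caller that gets PROTO_NEED_MORE should wait for more data under a read timeout rather than guess, so a client that sends one byte and stalls cannot hold the accept path open.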