[openssl-users] HTTP / HTTPS on same port

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Apr 3 20:12:11 UTC 2015

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Salz, Rich
> Sent: Friday, April 03, 2015 15:55
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] HTTP / HTTPS on same port
> It is a hack.

That's debatable. What's so sacred about separating traffic by port? Valid TLS traffic and valid plaintext HTTP traffic are distinguishable - there aren't any ambiguous cases.

>  Most people do it the other way and look for a G or P as the first letter.

Now *that* is a hack. And wrong, and broken. Looking at the first few bytes to see if they're 1) ASCII uppercase letters and 2) form the prefix of a valid HTTP command would be satisfactory.

Michael Wojcik
Technology Specialist, Micro Focus

This message has been scanned for malware by Websense. www.websense.com

More information about the openssl-users mailing list