Hello, I would like to ask your opinion and advice on accepting HTTP / HTTPS connections on the same port. I currently have a prototype that peeks at the first byte after accepting a new connection, and dispatches to the appropriate routines based on whether the first byte is 0x16 or not. This came from looking at the TLS handshake protocol ( http://en.wikipedia.org/wiki/Transport_Layer_Security#Handshake_protocol) and testing different libraries. The motivation for this was to avoid the configuration nightmare of introducing a second port, both in our code, and for administrators (firewall rules, etc.). 1) Is it valid to assume that the 1st byte of the handshake protocol is a valid way to disambiguate the traffic? 2) Are there any corner cases I might be missing? 3) Are there any security reasons for not doing this? Thanks for your advice, Joris -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150403/a328f933/attachment-0001.html>
