Reputation: 14251
I want to use 1 port for both unencrypted TCP and SSL.
The goal is to make 1 port the entrance to the machine. That means muxing all protocols and transports into the port. For example, I peek at the first 4 bytes of the stream. If it begins with 'GET', 'POST', 'HEAD', etc., I know that it is the HTTP protocol, so I pass off the connection to the HTTP server. If it is 'HELO' or 'EHLO', I know to pass it off to the SMTP server.
The problem is, what do I look for if it is an SSL connection (in order to pass it off to OpenSSL)?
Upvotes: 4
Views: 340
Reputation: 46040
SSL 2 will have 8x yz (hex) as the first two bytes (x yz can be anything, e.g. 8F 13), and SSL 3 and later have 16 03 hex as the first two bytes.
Update: as pointed out in the comments, some protocols require the server to send something first (FTP and POP3, to name a few, and SMTP has been mentioned in the comments), so your approach will work only for a limited number of protocols.
Upvotes: 4
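The byte checks from the answer, combined with the question's text-protocol prefixes, as an added example that is not part of the original posts. The function names `classify` and `peek_and_classify` are hypothetical, and the extra SSL 2 check on the third byte (message type 0x01, CLIENT-HELLO) goes beyond what the answer states.

```python
import socket

PEEK_LEN = 4  # the question peeks at the first 4 bytes of the stream

def classify(prefix: bytes) -> str:
    """Guess the protocol from the first bytes the client sent."""
    if not prefix:
        return "closed"
    if len(prefix) < PEEK_LEN:
        return "need-more-data"  # partial read: peek again before deciding
    head = prefix[:PEEK_LEN]
    # SSL 3 and later: record type 0x16 (handshake), major version 0x03.
    if head[0] == 0x16 and head[1] == 0x03:
        return "tls"
    # SSL 2: two-byte record header with the high bit set ("8x yz").
    # Also requiring message type 0x01 (CLIENT-HELLO) is stricter than the answer.
    if head[0] & 0x80 and head[2] == 0x01:
        return "sslv2"
    if head in (b"GET ", b"POST", b"HEAD"):
        return "http"
    if head.upper() in (b"HELO", b"EHLO"):
        return "smtp"
    return "unknown"

def peek_and_classify(conn: socket.socket, timeout: float = 2.0) -> str:
    """Peek without consuming, so the chosen backend still reads the bytes."""
    conn.settimeout(timeout)
    try:
        prefix = conn.recv(PEEK_LEN, socket.MSG_PEEK)
    except socket.timeout:
        # Nothing arrived: the client may be waiting for a server greeting
        # (FTP, POP3, SMTP), which first-byte sniffing cannot identify.
        return "client-silent"
    return classify(prefix)

if __name__ == "__main__":
    # Constructed sample prefixes, not captured traffic.
    samples = [bytes.fromhex("16030100"), bytes.fromhex("802e0100"), b"GET ", b"EHLO"]
    for sample in samples:
        client, server = socket.socketpair()
        client.sendall(sample)
        print(sample.hex(), "->", peek_and_classify(server))
        client.close()
        server.close()
```

A result of `sslv2` is best treated as a reason to close the connection, since SSL 2 is obsolete and current OpenSSL releases no longer support it.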