Which ports should be open for AMQP connection in Azure Service Bus?

Question

I have found documentation on AMQP regarding the ports that it uses:

Azure Service Bus requires the use of TLS at all times. It supports connections over TCP port 5671, whereby the TCP connection is first overlaid with TLS before entering the AMQP protocol handshake, and also supports connections over TCP port 5672 whereby the server immediately offers a mandatory upgrade of connection to TLS using the AMQP-prescribed model. The AMQP WebSockets binding creates a tunnel over TCP port 443 that is then equivalent to AMQP 5671 connections.

And some more detail in other post:

It supports connections over TCP port 5671 and over TCP port 5672. The server immediately offers a mandatory upgrade to TLS using the AMQP-prescribed model. The AMQP WebSockets binding creates a tunnel over TCP port 443 that is then equivalent to AMQP 5671 connections.

What I did not quite understand is what is the difference between those two ports. Should both be opened at all time or is it just one of the that is required and the other is some fallback or it depends on the library that is used.

P.S. I use Microsoft.Azure.ServiceBus library to connect

Answer 1

Details can be found here. http://docs.oasis-open.org/amqp/core/v1.0/os/amqp-core-security-v1.0-os.html#toc

Port 5671 is for pure TLS connection (section 5.2.1). It is actually what most clients do now as far as I know.

Port 5672 is for plain TCP connection and TLS upgrade (section 5.2).

Service Bus client only supports pure TLS connection over port 5671. The service supports TLS upgrade over port 5672 if a client needs to.