Summerpinn

Reputation: 35

Support both SSL and non-SSL on the same server port

I plan to add encryption to my server/client communication by using OpenSSL. But I want to let the user choose whether they want to use the SSL channel to communicate or not. The easiest way is to just create 2 sockets and bind them to different ports, but I want the server to serve the service on only one port.

Is there any way to open a server-side SSL socket that supports both SSL and non-SSL communication, depending on the client's incoming connection?

P.S. I use the OpenSSL lib for my C++ code.

Upvotes: 1

Views: 1357

Answers (1)

Jumbogram

Reputation: 2259

A TLS client hello has a standard format. You could peek at the first few bytes of the first message, detect whether or not this is a TLS client hello, and respond accordingly.

An alternate solution would be to connect the unencrypted service on port X, and set up stunnel to listen on port Y, where it would handle the TLS layer and forward the plaintext to local port X. While this would bind to two ports, your service would only run once.

Upvotes: 1
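
The peek-and-detect approach from the answer above, as an added example that is not part of the original answer or of OpenSSL. The names `Proto`, `classify_bytes` and `classify_socket` are hypothetical, and the code assumes a blocking POSIX socket and a plaintext protocol that never begins with the bytes 0x16 0x03.

```cpp
// Added example: classify a freshly accepted connection without consuming data.
#include <sys/types.h>
#include <sys/socket.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class Proto { Tls, Plain, NeedMore, Closed };

// TLS record header is type(1) | version(2) | length(2); the first handshake
// byte follows. A ClientHello record has type 0x16, major version 0x03,
// a length of 1..16384 and handshake type 0x01.
// Assumption: the plaintext protocol never begins with bytes 0x16 0x03.
// SSLv2-format hellos are not recognised and fall through to Plain.
Proto classify_bytes(const uint8_t* b, size_t n) {
    if (n >= 1 && b[0] != 0x16) return Proto::Plain;  // not a handshake record
    if (n >= 2 && b[1] != 0x03) return Proto::Plain;  // not SSL 3.0 / TLS 1.x
    if (n < 6) return Proto::NeedMore;                // prefix matches so far
    size_t len = (static_cast<size_t>(b[3]) << 8) | b[4];
    if (len == 0 || len > 16384) return Proto::Plain; // impossible record size
    return b[5] == 0x01 ? Proto::Tls : Proto::Plain;
}

// Peek at up to 6 bytes on a blocking socket. MSG_PEEK leaves them queued, so
// the TLS library or the plaintext handler still reads the stream from byte 0.
// On NeedMore the caller should wait (with a timeout) and peek again.
Proto classify_socket(int fd) {
    uint8_t buf[6];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0) return Proto::Closed;                 // EOF or error
    return classify_bytes(buf, static_cast<size_t>(n));
}

int main() {
    // Constructed sample: start of a TLS ClientHello record (not a capture).
    const uint8_t hello[] = {0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, 0xc4};
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    if (send(sv[0], hello, sizeof hello, 0) < 0) return 1;
    Proto p = classify_socket(sv[1]);
    std::printf("first connection looks like %s\n",
                p == Proto::Tls ? "TLS" : "something else");
    return p == Proto::Tls ? 0 : 1;
}
```

Because the bytes are only peeked, a connection classified as `Proto::Tls` can be handed to OpenSSL with `SSL_set_fd` and `SSL_accept` unchanged, while a `Proto::Plain` one goes to the existing plaintext handler. Put a timeout on the wait for the first bytes so an idle client cannot hold the connection open in the undecided state.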
