Autor: Phil Pennock Data: Para: WJCarpenter CC: exim-users Assunto: Re: [exim] How to have port 80 open, along with a website?
On 2008-01-17 at 17:30 -0800, WJCarpenter wrote: > Yes, I get all that. However, I think it would be possible in principal
> (admittedly heuristically) to look at the low-level bytes arriving at
> the socket and see if the caller were trying to negotiate SSL with you.
> If they didn't, after a small delay, you could assume it was a non-SSL
> connection and do whatever was appropriate.
In TLS, the client speaks first.
So in application protocols where the server waits for the client data,
such as HTTP, what you propose is possible; you're not even the first to
think of it. Which at least tells you that you're not insane. ;) (At
least, that's what I told myself when I first thought of the idea;
perhaps I was fooling myself).
So that "small delay" workaround you're proposing is the same one which
would vaguely make HTTP+SMTP kind-of/sometimes work. But worse as the
client will be dealing with cryptographic libraries, gathering
randomness for the ClientHello, etc.