如何确定传入连接是否正在等待SSL? [英] How can I determine whether an incoming connection is expecting SSL?
问题描述
我想为未加密的TCP和SSL使用1个端口。
I want to use 1 port for both unencrypted TCP and SSL.
目标是使1个端口成为机器的入口。这意味着将所有协议和传输复制到端口中。例如,我查看流的前4个字节。如果它以GET,POST,HEAD等开头。我知道它是HTTP协议,所以我将连接断开到HTTP服务器。如果是'HELO'或'EHLO',我知道它将它传递到SMTP服务器。
The goal is to make 1 port the entrance to the machine. That mean to mux all protocols and transports into the port. For example, i peek at the first 4 bytes of the stream. If it begins with 'GET', 'POST', 'HEAD', etc. I know that it is the HTTP protocol so I pass off the connection to the HTTP server. If it is 'HELO' or 'EHLO' i know to pass it off to the SMTP server.
问题是,如果它是一个SSL
The problem is, what do I look for if it is an SSL connection (in order to pass it off to OpenSSL)?
推荐答案
SSL 2将8x yz(十六进制)作为前两个字节(x yz可以是任何值,例如8F 13),SSL 3和以后具有16 03 hex作为前两个字节。
SSL 2 will have 8x yz (hex) as first two bytes (x yz can be anything, eg. 8F 13), and SSL 3 and later have 16 03 hex as first two bytes.
更新:如评论中所指出的,一些协议要求服务器首先发送某些东西(FTP和POP3等等,SMTP在注释中已经提到)因此您的方法只适用于有限数量的协议。
Update: as pointed in the comments, some protocols require the server to send something first (FTP and POP3 to name a few, and SMTP has been mentioned in the comment) so your approach will work only for limited number of protocols.
这篇关于如何确定传入连接是否正在等待SSL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
