Yes.

But there are people forwarding that to the other service port so their 
application only has one real listener, and then that non-HTTP TLS server still 
manages to complete the TLS-SNI challenge (via port 443).

> On Jan 12, 2018, at 10:33 AM, Gerd v. Egidy <[email protected]> 
> wrote:
> 
>> I did want to say that if an acceptable mechanism is found in this manner,
>> it does help with some but not all in-band TLS validation mechanisms.  It
>> works for web server cases.  It does not fully replace the mechanisms of
>> the TLS-SNI sort because it would not work for other protocols running over
>> TLS (like SMTP/TLS).  The TLS-SNI mechanisms do facilitate that.
> 
> Really? Isn't TLS-SNI-01/-02 just allowed over TCP port 443?
> 
> "This connection MUST be sent to TCP port 443 on the TLS server"
> 

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
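An added illustration (not code from this thread or from any ACME client or server) of the single-listener arrangement described above: a front end on port 443 reads only the SNI host name from the cleartext ClientHello and decides whether the connection is a validation probe or real traffic for the non-HTTP service behind it. The ClientHello bytes are constructed inline for the demonstration; the `.acme.invalid` suffix is the validation name form the TLS-SNI-01/-02 drafts used, and the `route` target names are assumptions.

```python
import struct


def extract_sni(data: bytes):
    """Return the SNI host_name from a TLS ClientHello record, or None.

    Only the handshake framing needed to reach the extensions is parsed;
    every length is bounds-checked so a truncated or non-TLS record
    yields None instead of an exception.
    """
    # TLS record header: content_type(1) version(2) length(2); 0x16 = handshake
    if len(data) < 5 or data[0] != 0x16:
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    # Handshake header: msg_type(1) length(3); 0x01 = ClientHello
    if len(body) < 4 or body[0] != 0x01:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 2 + 32  # client_version + random
    if len(hello) < pos + 1:
        return None
    sid_len = hello[pos]
    pos += 1 + sid_len                                   # session_id
    if len(hello) < pos + 2:
        return None
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2 + cs_len                                    # cipher_suites
    if len(hello) < pos + 1:
        return None
    cm_len = hello[pos]
    pos += 1 + cm_len                                    # compression_methods
    if len(hello) < pos + 2:
        return None
    ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(hello))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        edata = hello[pos:pos + elen]
        pos += elen
        if etype == 0x0000:  # server_name extension
            if len(edata) < 5:
                return None
            list_len = struct.unpack("!H", edata[0:2])[0]
            q = 2
            while q + 3 <= 2 + list_len and q + 3 <= len(edata):
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                q += 3
                name = edata[q:q + nlen]
                q += nlen
                if ntype == 0:  # host_name
                    return name.decode("ascii", "replace")
    return None


def route(sni, validation_suffix=".acme.invalid"):
    """Decide where the front listener on 443 hands the connection.

    Assumed target names: 'acme-responder' answers validation probes,
    'backend' is the real (e.g. SMTP/TLS) service. Connections without
    SNI go to the backend, as a validation probe always carries one.
    """
    if sni is not None and sni.lower().endswith(validation_suffix):
        return "acme-responder"
    return "backend"


def build_client_hello(host: str) -> bytes:
    """Construct a minimal ClientHello carrying only an SNI extension (test input)."""
    sni_name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(sni_name)) + sni_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    exts = struct.pack("!H", len(ext)) + ext
    hello = (b"\x03\x03" + bytes(32)          # version + zeroed random
             + b"\x00"                        # empty session_id
             + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite
             + b"\x01\x00"                    # one compression method (null)
             + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for host in ("mail.example.com", "abc123.def456.acme.invalid"):
        sni = extract_sni(build_client_hello(host))
        print(f"{sni!r} -> {route(sni)}")
```

The point for an operator is that the dispatch decision is made before any certificate is presented, which is exactly why a service that never speaks HTTP can still be behind port 443 for the duration of the challenge.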
