On 2008-01-17 at 17:30 -0800, WJCarpenter wrote:
> Yes, I get all that. However, I think it would be possible in principle
> (admittedly heuristically) to look at the low-level bytes arriving at
> the socket and see if the caller were trying to negotiate SSL with you.
> If they didn't, after a small delay, you could assume it was a non-SSL
> connection and do whatever was appropriate.
In TLS, the client speaks first. So in application protocols where the server waits for the client data, such as HTTP, what you propose is possible; you're not even the first to think of it. Which at least tells you that you're not insane. ;) (At least, that's what I told myself when I first thought of the idea; perhaps I was fooling myself.)

So that "small delay" workaround you're proposing is the same one which would vaguely make HTTP+SMTP kind-of/sometimes work. But worse, as the client will be dealing with cryptographic libraries, gathering randomness for the ClientHello, etc.

-Phil

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
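The heuristic discussed in this exchange, as an added example that is not part of the thread and not Exim code: peek at a new connection's first bytes to tell a TLS (or legacy SSLv2) ClientHello from a cleartext command, waiting a short delay for clients that speak first. The record-layer constants are from the TLS and SSLv2 wire formats; the ClientHello prefix and the SMTP greeting are constructed sample data.

```python
import select
import socket

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
# Constructed sample (not a real capture): first 11 bytes of a TLS 1.0 ClientHello.
CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01"

def classify_initial_bytes(data: bytes) -> str:
    """Return "tls" (TLS/SSLv3 ClientHello record), "sslv2" (legacy SSLv2
    CLIENT-HELLO), "plaintext" (cannot start either record format) or
    "need_more" (too few bytes to decide yet)."""
    if data and data[0] != TLS_HANDSHAKE and not data[0] & 0x80:
        return "plaintext"  # e.g. "EHLO ...", "GET /", "STARTTLS"
    if len(data) < 6:
        return "need_more"
    # TLS record: type(1) major(1) minor(1) length(2), then handshake type(1)
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[5] == CLIENT_HELLO:
        return "tls"
    # SSLv2 record: 2-byte length with the high bit set, then msg type 1
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        return "sslv2"
    return "plaintext"

def peek_classify(conn: socket.socket, delay: float) -> str:
    """Wait up to `delay` seconds for the client's first bytes and classify them
    without consuming them (MSG_PEEK) so the real handler still reads the whole
    stream. "silent" is what a plaintext SMTP client waiting for the 220 banner
    looks like: in SMTP the server, not the client, speaks first."""
    readable, _, _ = select.select([conn], [], [], delay)
    if not readable:
        return "silent"
    data = conn.recv(16, socket.MSG_PEEK)
    return "closed" if not data else classify_initial_bytes(data)

def demo() -> dict:
    """Run three constructed clients through a local socketpair."""
    samples = {"tls_client": CLIENT_HELLO_PREFIX,
               "plain_smtp_client": b"EHLO mail.example.net\r\n",
               "quiet_client": b""}
    results = {}
    for name, payload in samples.items():
        server, client = socket.socketpair()
        if payload:
            client.sendall(payload)
        results[name] = peek_classify(server, delay=0.2)
        for s in (server, client):
            s.close()
    return results
```

A "silent" result cannot distinguish a plaintext client that is waiting for the server's banner from a slow TLS client still gathering randomness for its ClientHello, which is the weakness Phil points out. The delay is also a latency cost paid by every connection that turns out to be plaintext.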
