A client has a sign that a server wants to negotiate TLS if it receives a byte 0x00 (the code for 'HelloRequest'). A server has a sign that a client wants to negotiate TLS if it receives a byte 0x01 (ClientHello).
There are multiple ways to use TLS. The one that webservers use is to create the TLS-encrypted tunnel across TCP, then exchange all application data over it. The one that IMAP, ESMTP, and various other state-keeping, text-based protocols with the ability to send binary across the same connection use is to create a specific text-based command -- typically STARTTLS -- that causes the server to send out a HelloRequest.

The typical sequences that I've been looking at for my apps lately, by the way, are:

Receive: (unicode byte order mark, describing precisely which encoding the client's using) STARTTLS
  (server sends HelloRequest)
  (client sends ClientHello)
Receive: ClientHello
  (negotiate TLS)
Receive: Unicode BOM
  (server assumes client is using Unicode)
Receive: Telnet IAC (0xff)
  (server negotiates telnet parameters, including possibly Unicode)
Receive: anything else
  (server assumes client is using ISO-Latin-1)

However, this is primarily for a couple of text-based MUD software packages that I'm working with. Your mileage may vary.

-Kyle H

On Mon, Jul 6, 2009 at 11:51 AM, Konstantin Ivanov <[email protected]> wrote:
> Hi all,
> I was wondering if it is possible to determine if client is requesting an
> ssl handshake on regular socket connection and if client does request it,
> continue with SSL handshake and enable secure communication? What is
> happening is that if I have a server, but I accept a connection using a
> regular socket (not OpenSSL accept) then I get the scrambled data from the
> client which I assume is an attempt to handshake with the server. Is it
> possible to determine if this is a handshake and if so, let this connection
> be secure? This is a custom application.
> Thank you,
> K

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
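An added example, not from this thread or from OpenSSL, of the server-side sniff the question asks about: peek at the first bytes of a freshly accepted plain socket, decide whether they are the record-layer header of a TLS ClientHello (content type 0x16, version 0x03 0x0X, then handshake type 0x01), a Unicode BOM, a Telnet IAC or ordinary text, and only then hand the socket to the TLS layer. It uses Python's ssl module in place of the OpenSSL C API, and the sample inputs are constructed.

```python
import socket
import ssl

# Outcomes a server can tell apart from the first bytes on a plain socket.
TLS, UTF8_BOM, TELNET_IAC, PLAIN = "tls", "utf8-bom", "telnet", "plain"


def classify_first_bytes(head: bytes) -> str:
    """Classify a peeked prefix of a new connection.

    A TLS ClientHello is wrapped in a record header: content type 0x16
    (handshake), version 0x03 0x0X, a 2-byte length, and then the handshake
    message type 0x01 (ClientHello) at offset 5. The prefix may be shorter
    than 6 bytes if the client's first segment has not fully arrived, so
    only the bytes that are present are checked.
    """
    if not head:
        return PLAIN
    if head[0] == 0x16:
        version_ok = len(head) < 2 or head[1] == 0x03
        type_ok = len(head) < 6 or head[5] == 0x01
        if version_ok and type_ok:
            return TLS
    if head.startswith(b"\xef\xbb\xbf"):  # UTF-8 byte order mark
        return UTF8_BOM
    if head[0] == 0xFF:  # Telnet IAC (interpret as command)
        return TELNET_IAC
    return PLAIN


def accept_maybe_tls(conn: socket.socket, ctx: ssl.SSLContext):
    """Peek without consuming, then either upgrade to TLS or stay cleartext.

    MSG_PEEK leaves the bytes in the kernel buffer, so when the prefix is a
    ClientHello the TLS layer still reads the complete handshake itself.
    `ctx` is assumed to be a server context with a certificate loaded.
    """
    head = conn.recv(6, socket.MSG_PEEK)
    kind = classify_first_bytes(head)
    if kind == TLS:
        return kind, ctx.wrap_socket(conn, server_side=True)
    return kind, conn
```

A client that speaks SSLv2-style compatibility hellos (first byte with the high bit set, no 0x16) is not recognised by this check; such clients should simply be refused.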
