I'd say you're doing it the right way now; traditionally services that
want to support SSL/TLS and not on the same port use the STARTTLS
methodology, starting with a plain connection. Since you can't modify
your client, you're stuck buffering a bit of data at the beginning to
sniff if it looks like SSL/TLS or plain (based on whatever your plain
client normally sends, which hopefully cannot overlap with SSL/TLS
hello) and passing it on to SSL afterwards. You can use a BIO_s_mem()
for this purpose if you don't want to write your own BIO to read from
your buffer list, so that the buffering is semi-transparent to the SSL
instance, though I suspect that's what you're doing already.

k

On Fri, Nov 9, 2012 at 2:19 PM, Derek Cole <derek.c...@gmail.com> wrote:
> Well that would still require an SSL handshake right? My client that sends
> the unencrypted traffic knows nothing of SSL at all, and I can't modify it,
> so it is just coming in a normal TCP stream.
>
>
>
> On Fri, Nov 9, 2012 at 6:44 AM, Michel <msa...@paybox.com> wrote:
>>
>> Hi,
>>
>> Perhaps I misunderstand you, but wouldn't it be easier to just choose
>> eNULL cipher when no encryption is needed ?
>>
>> On 09/11/2012 06:08, Derek Cole wrote:
>>
>>> Hello,
>>>
>>> I have a server running that I am accepting both SSL and non SSL traffic.
>>> Currently I check the traffic first and if the first part of the TCP data
>>> looks like an SSL header, I send it off to an OpenSSL socket to be read.
>>> If it's plaintext, I just read it right there on that socket.
>>>
>>> Is it possible to skip the SSL header check and just send all traffic to
>>> an SSL socket, and reliably be able to read the traffic regardless whether
>>> it's encrypted or not?
>>>
>>> Just to be clear, I do have the SSL context set up properly and don't
>>> have a problem reading it, it's just annoying that I have to check my
>>> traffic in a separate step, and send it down the flow path of SSL if it's
>>> encrypted.
>>>
>>> Thanks
>>>
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>
>
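The sniffing step discussed in this thread, as an added example that is not part of the original messages or of OpenSSL: a C function that classifies the first buffered bytes of a connection as a TLS ClientHello, an SSLv2-style hello, plaintext, or not yet decidable. The names peek_classify and peek_result are assumptions, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

enum peek_result { PEEK_NEED_MORE, PEEK_TLS, PEEK_SSL2_HELLO, PEEK_PLAIN };

/* Classify the bytes buffered so far from a new connection. Nothing is
 * consumed: on PEEK_TLS the caller replays the same buffer into the SSL
 * object (for example through the memory BIO mentioned in the reply). */
enum peek_result peek_classify(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return PEEK_NEED_MORE;
    if (buf[0] == 0x16) {                      /* TLS record type: handshake */
        if (len >= 2 && buf[1] != 0x03)        /* record version, major byte */
            return PEEK_PLAIN;
        if (len >= 3 && buf[2] > 0x04)         /* record version, minor byte */
            return PEEK_PLAIN;
        if (len < 6)
            return PEEK_NEED_MORE;             /* short read: keep buffering */
        size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
        if (rec_len < 4 || rec_len > 16384)    /* handshake header .. 2^14 */
            return PEEK_PLAIN;
        return buf[5] == 0x01 ? PEEK_TLS : PEEK_PLAIN;   /* ClientHello */
    }
    if (buf[0] & 0x80) {                       /* SSLv2-style 2-byte header */
        if (len < 5)
            return PEEK_NEED_MORE;
        int v2 = buf[3] == 0x00 && buf[4] == 0x02;
        if (buf[2] == 0x01 && (buf[3] == 0x03 || v2))
            return PEEK_SSL2_HELLO;            /* caller may refuse these */
        return PEEK_PLAIN;
    }
    return PEEK_PLAIN;                         /* e.g. any ASCII first byte */
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    static const unsigned char tls[]   = { 0x16, 0x03, 0x01, 0x00, 0xc8, 0x01 };
    static const unsigned char plain[] = "HELO example";
    printf("tls=%d partial=%d plain=%d\n", peek_classify(tls, sizeof tls),
           peek_classify(tls, 2), peek_classify(plain, 4));
    return 0;
}
```

If the plaintext protocol is ASCII, the decision is made on the first byte; a binary plaintext protocol that can start with 0x16 or a high-bit byte needs its own check before this one.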