EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to differentiate between SSL and non-SSL requests

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#22789
Posted: 12/12/2012 16:36:35
by Terry Neckar (Standard support level)
Joined: 09/19/2012
Posts: 2

I have a client that starts off sending requests that are not encrypted, basically just a simple webpage. After doing that, it tests the server to see if it supports SSL. At the moment, to keep things simple, I'm using the sample SSL chat server program as it is close to my needs. When the client sends the unencrypted webpage, I get error SSL 75796 which is ERROR_SSL_INSUFFICIENT_SECURITY. How can I differentiate between encrypted and non-encrypted requests?
#22790
Posted: 12/13/2012 00:07:16
by Eugene Mayevski (EldoS Corp.)

There's no reliable way to distinguish between SSL and non-SSL request (in generic case). The reason is that SSL doesn't have a signature (in SSL 2 there's no indicator at all and in SSL3 and later there's a starting byte which in many cases can be not enough).

If you expect to receive only HTTP and HTTPS requests, you can analyze first bytes of request and check if they start with a valid HTTP method (GET, POST etc).


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 411 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!