EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to differentiate between SSL and non-SSL requests

Posted: 12/12/2012 16:36:35
by Terry Neckar (Standard support level)
Joined: 09/19/2012
Posts: 2

I have a client that starts off sending requests that are not encrypted, basically just a simple webpage. After doing that, it tests the server to see if it supports SSL. At the moment, to keep things simple, I'm using the sample SSL chat server program as it is close to my needs. When the client sends the unencrypted webpage, I get error SSL 75796 which is ERROR_SSL_INSUFFICIENT_SECURITY. How can I differentiate between encrypted and non-encrypted requests?
Posted: 12/13/2012 00:07:16
by Eugene Mayevski (Team)

There's no reliable way to distinguish between SSL and non-SSL request (in generic case). The reason is that SSL doesn't have a signature (in SSL 2 there's no indicator at all and in SSL3 and later there's a starting byte which in many cases can be not enough).

If you expect to receive only HTTP and HTTPS requests, you can analyze first bytes of request and check if they start with a valid HTTP method (GET, POST etc).

Sincerely yours
Eugene Mayevski



Topic viewed 478 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!