- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Thu, 07 Feb 2013 14:21:21 +1300
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- CC: ietf-http-wg@w3.org
On 7/02/2013 6:06 a.m., Ilari Liusvaara wrote:
> On Thu, Feb 07, 2013 at 12:47:08AM +1300, Amos Jeffries wrote:
>
>> Magic" below. I've been holding this off while I try to figure out
>> what bit ranges the TLS handshakes are detectable with. It seems
>> 32-bits is required if we merge TLS port 443 traffic into this
>> magic, but I'm not yet completely certain of that.
> AFAIK, the first bytes from client in current TLS connections are:
>
> 0x16 (Handshake packet)
> 0x03 (SSLv3 or TLS v1.x)
> 0x00-0x03 (At least until TLSv1.3 appears, that would use 0x04).
>
> Then there's the SSLv2 compatibility handshake. Hope nothing uses
> that anymore.
>
> -Ilari

Thank you. I was losing hope of finding these in the TLS RFCs.

So the relevant magic for TLS is F=0,C=0, type=0x16, top byte of the length field being non-0x0. Meaning we can distinguish it easily from WebSockets and HTTP/2 client. Good news there.

Amos
Received on Thursday, 7 February 2013 01:21:51 UTC
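
The byte test discussed in the message above, written out as an added example (not code from the thread or from any project mentioned in it). It classifies the first client bytes on a shared port using the three TLS bytes Ilari lists and returns "need more" on short reads. The SSLv2 layout (high bit set in byte 0, message type 0x01 in byte 2) is not given in the thread and is taken from the SSLv2-compatible ClientHello format; the function name and sample byte strings are constructed for illustration.

```python
from enum import Enum


class Verdict(Enum):
    NEED_MORE = "need more bytes"
    TLS = "SSLv3/TLS handshake record"
    SSLV2_HELLO = "SSLv2-compatible ClientHello"
    OTHER = "not TLS"


def classify_first_bytes(buf: bytes) -> Verdict:
    """Decide what the first client bytes look like, byte by byte.

    A verdict is returned as soon as the bytes seen so far rule a
    protocol in or out, so a listener never blocks for data it does
    not need and never guesses on a short read.
    """
    if len(buf) < 1:
        return Verdict.NEED_MORE
    if buf[0] == 0x16:                       # record type: Handshake
        if len(buf) < 2:
            return Verdict.NEED_MORE
        if buf[1] != 0x03:                   # major version: SSLv3 / TLS 1.x
            return Verdict.OTHER
        if len(buf) < 3:
            return Verdict.NEED_MORE
        # minor version 0x00-0x03, the range listed in the thread
        return Verdict.TLS if buf[2] <= 0x03 else Verdict.OTHER
    if buf[0] & 0x80:                        # assumption: SSLv2 2-byte header
        if len(buf) < 3:
            return Verdict.NEED_MORE
        # assumption: SSLv2 message type 0x01 is CLIENT-HELLO
        return Verdict.SSLV2_HELLO if buf[2] == 0x01 else Verdict.OTHER
    return Verdict.OTHER                     # e.g. ASCII HTTP request line


# Constructed sample prefixes, not captured traffic.
SAMPLES = {
    "tls": bytes.fromhex("160301020001"),
    "tls_short": bytes.fromhex("1603"),
    "bad_minor": bytes.fromhex("160309"),
    "sslv2": bytes.fromhex("802e010301"),
    "http": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10s} {data[:6].hex():12s} -> {classify_first_bytes(data).value}")
```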