Be aware of fake TLS/SSL connection

Sometimes, applications can use standard TLS/SSL port 443 to exchange data using its own proprietary protocol. Check following application data:
16 03 01 00 d5 ......

Although the first few bytes look like a TLS/SSL Handshake message, in fact the following bytes don’t conform to TLS/SSL at all.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.