>>There are right ways and there are easy ways. The easy way is to
>>non-destructively read the first character on the connection.
>What is the right way?
>Zack

There are three right ways (and reasons why some or all of these are sometimes impractical):

1) Don't get into this situation in the first place. Either use a port for unencrypted traffic or use it for encrypted traffic. Don't ever even try to use the same port for both. (Sometimes you still want to be able to handle the "someone screwed up" case.)

2) Use a scheme to negotiate promotion to SSL if supported by both sides. For example, start all connections in plaintext, then have one side tell the other that it either supports or requires encryption. Both sides can then negotiate the switch from plaintext to SSL. (Sadly, for some protocols, this just isn't possible or isn't supported by software you cannot change and must interoperate with.)

3) Do the network I/O yourself. Use, for example, BIO pairs. You can then inspect the first byte or bytes and either process them directly or 'proxy' them through OpenSSL. This has the advantage that you can use advanced I/O models (like I/O completion ports or epoll) which OpenSSL can't support natively. (This is always possible and frequently a good idea. Sometimes the added complexity isn't worth it.)

DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
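The first-byte inspection behind both the quoted "easy way" and the "inspect the first byte or bytes" step of option 3, as an added example that is not part of the original message or of OpenSSL. The enum and function names are hypothetical, the sample bytes are constructed, and the classification is a heuristic that assumes the plaintext protocol never starts with 0x16 or a byte with the top bit set.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

enum first_bytes { PEEK_FAILED, NEED_MORE, LOOKS_TLS, LOOKS_SSLV2, LOOKS_PLAINTEXT };

/* Classify the start of a connection from the bytes seen so far.
 * TLS record: content type 0x16 (handshake), then major version 0x03.
 * SSLv2-format ClientHello: 2-byte length with the top bit set, then
 * message type 0x01. Anything else is treated as plaintext. */
enum first_bytes classify_first_bytes(const unsigned char *p, size_t n)
{
    if (n == 0)
        return NEED_MORE;
    if (p[0] == 0x16) {
        if (n < 2)
            return NEED_MORE;
        return p[1] == 0x03 ? LOOKS_TLS : LOOKS_PLAINTEXT;
    }
    if (p[0] & 0x80) {
        if (n < 3)
            return NEED_MORE;
        return p[2] == 0x01 ? LOOKS_SSLV2 : LOOKS_PLAINTEXT;
    }
    return LOOKS_PLAINTEXT;
}

/* Non-destructive read: MSG_PEEK leaves the bytes queued on the socket,
 * so the TLS library or the plaintext parser still sees them afterwards. */
enum first_bytes peek_connection(int fd)
{
    unsigned char buf[3];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0)
        return PEEK_FAILED; /* closed or error; EAGAIN on non-blocking means retry */
    return classify_first_bytes(buf, (size_t)n);
}

int main(void)
{
    /* Constructed sample: first five bytes of a TLS handshake record. */
    const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f };
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    if (write(sv[0], hello, sizeof hello) != (ssize_t)sizeof hello)
        return 1;
    printf("verdict=%d\n", peek_connection(sv[1]));
    close(sv[0]); close(sv[1]);
    return 0;
}
```

A NEED_MORE verdict means the peek returned fewer bytes than the decision needs, so the caller should wait for more data before choosing a handler.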