On Thu, 19 Jan 2023 at 00:45, Andrey Borodin <amborodi...@gmail.com> wrote:
> But..do we have to treat any unknown start sequence of bytes as a TLS > connection? Or is there some definite subset of possible first bytes > that clearly indicates that this is a TLS connection or not? Absolutely not, there's only one MessageType that can initiate a connection, ClientHello, so the initial byte has to be a specific value. (0x16) And probably to implement HTTP/Websocket it would probably only peek at the first byte and check for things like G(ET) and H(EAD) and so on, possibly only over SSL but in theory it could be over any connection if the request comes before the startup packet. Personally I'm motivated by wanting to implement status and monitoring data for things like Prometheus and the like. For that it would just be simple GET queries to recognize. But tunneling pg wire protocol over websockets sounds cool but not really something I know a lot about. I note that Neon is doing something similar with a proxy: https://neon.tech/blog/serverless-driver-for-postgres -- greg