
Port 80. This means you can make web apps that use all available protocols but only need to know about port 80. Gets through firewalls, cuts down on configuration, and it's not too hard to do in the server.

Honest question: I'm not too familiar with firewalls, but do they not check for the validity of the traffic on port 80 to make sure it's actually HTTP?

No, they just pass it along to the service listening on that port. How would you verify HTTPS without decrypting it?

Let’s be careful here.

Yes, there are firewalls/proxies which check for validity of HTTP over port 80, though others don’t bother, or just look at the first bit of traffic for each connection.

HTTPS goes over port 443, and I imagine there are some firewalls somewhere or another which block it altogether. Probably not enough of them to worry too much about though.

Some firewalls at least make sure that traffic over port 443 does a proper SSL handshake.... after that the data is encrypted, so they have no way to tell just what’s going through.

So would FlashSocket traffic get blocked by these firewalls if it was trying to sneak in through port 80, then? That would kinda beat the purpose of this effort.

Even if your firewall doesn't track it, you could set up an IDS system to detect and alert on it, if you were into that sort of thing.

You don't need to be able to decrypt anything to identify an HTTPS flow. An unencrypted SSL/TLS handshake takes place first, before any encrypted data is sent across the wire.

Some firewalls can track this.

Right. But you can still run whatever protocol you like -on top- of SSL.

Hah. Good point. Thanks.
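An added example, not part of the thread and not any participant's code: a first-bytes check of the kind the comments describe, accepting an HTTP request line on port 80 and a cleartext TLS ClientHello on port 443, and producing an alert otherwise. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import re
import struct

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.0|1.1 CRLF
HTTP_REQUEST_LINE = re.compile(rb"[A-Z]{3,10} [\x21-\x7e]+ HTTP/1\.[01]\r\n")
EXPECTED = {80: "http-request", 443: "tls-client-hello"}

def looks_like_client_hello(data: bytes) -> bool:
    """Check the cleartext TLS record and handshake headers only."""
    if len(data) < 11:
        return False
    rec_type, rec_major, _minor, rec_len = struct.unpack("!BBBH", data[:5])
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    hello_major = data[9]
    return (rec_type == 0x16            # record content type: handshake
            and rec_major == 3          # SSL 3.0 / TLS 1.x record version
            and 0 < rec_len <= 2**14    # plaintext record size limit
            and hs_type == 0x01         # handshake type: ClientHello
            and hs_len >= 34            # legacy_version (2) + random (32)
            and hello_major == 3)

def classify_first_bytes(data: bytes) -> str:
    if looks_like_client_hello(data):
        return "tls-client-hello"
    if HTTP_REQUEST_LINE.match(data):
        return "http-request"
    return "unknown"

def check_flow(port: int, first_bytes: bytes):
    """Return an alert string when the opening bytes do not fit the port, else None."""
    expected = EXPECTED.get(port)
    seen = classify_first_bytes(first_bytes)
    if expected is not None and seen != expected:
        return f"port {port}: expected {expected}, saw {seen}"
    return None

# Constructed sample inputs (not captured traffic).
_body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
_hs = b"\x01" + len(_body).to_bytes(3, "big") + _body
SAMPLE_HELLO = b"\x16\x03\x01" + struct.pack("!H", len(_hs)) + _hs
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_OTHER = b"\x00\x00\x00\x01opaque-binary-frame"

if __name__ == "__main__":
    for port, data in [(80, SAMPLE_HTTP), (80, SAMPLE_OTHER),
                       (443, SAMPLE_HELLO), (443, SAMPLE_HTTP)]:
        print(port, check_flow(port, data) or "ok")
```

The check covers only the opening of a connection; once a TLS handshake completes the payload is opaque to this kind of inspection, as the thread notes.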
