I have an unusual networking problem: for experimental purposes I want to serve both HTTP and HTTPS on the same port, deciding which protocol to speak based on whether or not the first packet received is a TLS ClientHello. In principle this should be no problem—either way, the client speaks first, and an unencrypted HTTP request cannot be confused with a ClientHello. However,
SSLContext.wrap_socket expects to be called immediately after
socket.accept, before any data is received on the connected socket.
Is there an alternative way to convert a bare OS-level socket into a SSLSocket that allows me to pass an already-received ClientHello to the TLS library as a byte buffer? If this can’t be done with the
ssl module in the standard library, is there an alternative implementation of TLS with which it can be done?
(I’m using asyncio and aiohttp for the server-side HTTP protocol, but I’m not married to either choice; if this would be easier with some other HTTP implementation please let me know. The only other constraint is that I do need to be able to listen on a whole bunch of ports at once.)