Key off TLS first byte

Signed-off-by: Derek Collison <derek@nats.io>
2026-04-02 03:38:42 -07:00 · 2020-06-06 13:41:34 -07:00
parent 75395ed862
commit 3a4e835311
1 changed files with 4 additions and 5 deletions
--- a/server/server.go
+++ b/server/server.go
@@ -1960,14 +1960,13 @@ func (s *Server) createClient(conn net.Conn, ws *websocket) *client {
 	if opts.TLSConfig != nil && opts.AllowNonTLS {
 		pre = make([]byte, 4)
 		c.nc.SetReadDeadline(time.Now().Add(secondsToDuration(opts.TLSTimeout)))
-		n, err := io.ReadFull(c.nc, pre[:])
+		n, _ := io.ReadFull(c.nc, pre[:])
 		c.nc.SetReadDeadline(time.Time{})
 		pre = pre[:n]
-		// Assume TLS unless we see nothing or start of CONNECT.
-		if err != nil || bytes.Contains(pre, []byte("CO")) {
-			tlsRequired = false
-		} else {
+		if n > 0 && pre[0] == 0x16 {
 			tlsRequired = true
+		} else {
+			tlsRequired = false
 		}
 	}