Solved

TCP ports - changing

Posted on 2013-01-17
Last Modified: 2013-01-22
Hello TCP experts,

This may be a dumb question. Suppose I have an application that listens on TCP 3012. Suppose I want to secure it with SSL. I know of a handful of TCP ports with SSL "flavors" (ldaps, imaps, pop3s, etc).
I was thinking if I change the app to listen on, let's say, tcp 636, would I then be able to secure it with an SSL Cert? I guess what I'm missing is, are port #s, just numbers or is it the behavior of the traffic that defines the port #?
Question by:trojan81

Author Comment

by:trojan81
ID: 38790197
Giving it a second thought, I think simply configuring your application to listen on a known secure port over SSL doesn't do any good if the application is not configured to negotiate encryption with the client. Is that a correct assumption?

Accepted Solution

by:
theras2000 earned 500 total points
ID: 38790257
Yes that's correct.  You can just change your port and expect your application to automatically encrypt traffic.

Also correct is your saying that a port is just a port.  You can run any app/protocol over any port you like.  The reason people stick to recognised ports is so that we can find each other's services.  If a public website suddenly started using port 6000 instead of 80, then nobody's browser would find their site.  443 is the recognised port for HTTP/SSL.  993 is the recognised port for IMAP/SSL.  We pick what port we want, but then we must make sure our clients know what it is.

Author Comment

by:trojan81
ID: 38790315
theras2000,

Your comment: "Yes that's correct.  You can just change your port and expect your application to automatically encrypt traffic."

Did you mean to say you CAN'T or you CAN?

Expert Comment

by:theras2000
ID: 38791833
D'oh!  You CAN'T.  Sorry about the typo.
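The point settled in this thread, as an added example that is not part of the original posts: a plaintext application bound to a port stays plaintext whatever the port number, and a client that expects TLS fails the handshake against it. The function names `start_plain_listener` and `speaks_tls` are hypothetical, and the listener uses an OS-assigned localhost port.

```python
import socket
import ssl
import threading


def start_plain_listener():
    """Start an application with no TLS code on an OS-assigned localhost port.

    Returns (port, seen); `seen` collects the first bytes each client sent.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))   # the number is arbitrary; 636 would behave the same
    srv.listen()
    seen = []

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                seen.append(conn.recv(5))                     # what the client opened with
                conn.sendall(b"HELLO plaintext service\r\n")  # not a TLS ServerHello

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], seen


def speaks_tls(host, port, timeout=3.0):
    """Return True only if the service on host:port completes a TLS handshake."""
    ctx = ssl.create_default_context()
    # Probe only: this checks whether a handshake completes, not who the peer is.
    # A real client keeps certificate and hostname verification enabled.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:   # ssl.SSLError, resets and timeouts are all OSError subclasses
        return False


if __name__ == "__main__":
    port, seen = start_plain_listener()
    print("port", port, "speaks TLS:", speaks_tls("127.0.0.1", port))
    # 0x16 is the TLS handshake record type: the client offered TLS, the app ignored it.
    print("first byte from client: 0x%02x" % seen[0][0])
```

Running the same probe against a service after a port change is a quick way to confirm whether encryption is actually negotiated.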