That is a FANTASTIC trick! Actually it could be expanded to
simply do plaintext for a non-TLS-capable client. I personally
would prefer that, if only because I still want to use UMN
gopher
client sometimes. There is something about its lovely 90s
feel...
I still don't understand how this can be protected against
downgrade
attacks. A malicious MITM could simply ensure that the TLS
trigger byte
was never communicated (race the packet, etc.) and both client
and server
would then assume the connection isn't TLS.
Not a high risk, but if the end goal is security ...