Now that the server code can be used to build alternate server for porters, it's doubtful that all those folks will have valid SSL certificates (due to their cost and requirement for a separate public IP), so it'd be good to have a way to turn off https.
We clearly don't want to do any fallback to http automatically as this would allow an attacker to make us drop to http by blocking tcp/443, but having this be an option in channel.ini would be perfectly acceptable.
My suggestion for the implementation would be to support:
- http_port: 0 => the server only supports https, don't even attempt an http connection
- https_port: 0 => the server only supports http, don't even attempt an https connection
The first option likely won't be used by many setups, but it's still good to have if only for consistency. The second option is the one we need to make our porters' life easier.