What does that mean?
How do you decided whether the traffic is “legitimate” until after doing the TLS handshake, and the client has authenticated itself?
- The port is “open” because clients have to be able to connect to it.
- The protocol is HTTPS.
- The application is, of course “unknown” because it was just released yesterday.