From 93d8379ff34312300ad1542309c5584a6aadb6f2 Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
Date: Wed, 24 Jan 2024 05:23:49 +0100
Subject: [PATCH] Log clients speaking HTTP on the HTTPS port

This patch extends the processing of a case when a client attempts
sending plain HTTP into an HTTPS port by emitting a log message.
---
 cheroot/connections.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cheroot/connections.py b/cheroot/connections.py
index 9ea6c829f2..df70e6ea02 100644
--- a/cheroot/connections.py
+++ b/cheroot/connections.py
@@ -299,7 +299,13 @@ def _from_server_socket(self, server_socket):  # noqa: C901  # FIXME
                         f'{tls_connection_drop_error !s}',
                     )
                     return
-                except errors.NoSSLError:
+                except errors.NoSSLError as http_over_https_err:
+                    self.server.error_log(
+                        f'Client {addr !s} attempted to speak plain HTTP into '
+                        'a TCP connection configured for TLS-only traffic — '
+                        'trying to send back a plain HTTP error response: '
+                        f'{http_over_https_err !s}',
+                    )
                     msg = (
                         'The client sent a plain HTTP request, but '
                         'this server only speaks HTTPS on this port.'