It seems the same to me: using a port that's open for a commonly used protocol, so http (80) in the 90s, https (443) now. Of course the protocol is different, that's the point!
And to save roundtrips: I believe it must be possible to analyze encrypted traffic to find out which protocol is used. But I doubt that the hospital admins are so motivated or sophisticated.
> The SSL negotiation part happens before any other communication.
An SSH server and client do not use SSL/TLS to set up the connection. They use the SSH protocol.
As soon as you connect to an SSH server, the server sends an identification string. The identification string always starts with:
SSH-
It's trivial to detect.
In the old days, corporate firewall rules were based solely on port numbers. So you could connect to an outside SSH server running on port 80, even if port 22 was blocked. Nowadays, an SSH server running on any port (80, 443, or any other) can easily be detected and blocked.
OK, I believe you, but then, does the trick described in the article work?
I ask because if it works, the principle is the same: using a commonly used protocol to circumvent limitations. It used to be easier to do then, it's more involved now.
In other words: is it possible to tunnel anything through https?