Pivotal WS runs behind ELBs that pipe websockets traffic through port 4443 in Secure TCP mode - because ELBs in HTTPS mode do not respect the websocket handshake upgrade.
We tried running port 443 in Secure TCP and avoid the additional port 4443 (which cannot be accessed from inside client company's network - they only allow outbound access to :80 and :443).
And it works.
What are the downsides to running :443 as Secure TCP rather than HTTPS?
