Tcp on secure port only?

I want to run a single Event Store node (on Windows) that only accepts secure connections. I’ve found the right configuration so that the HTTP interface is only https and I also have a secure Tcp port and SSL certificate configured.

But I can’t find the right set of parameters to stop Event Store from accepting non-secure Tcp connections. When I specify “-ExtSecureTcpPort 44444”, the console still shows

[24940,14,19:51:24.560] Starting Normal TCP listening on TCP endpoint:

[24940,14,19:51:24.576] Starting Secure TCP listening on TCP endpoint:

And I can connect to the 1113 port.

I can specify a different non-secure TCP port with -ExtTcpPort, but I can’t find a way to specify no port. Even if I use “-ExtTcpPort 0”, it just causes the OS to choose an available port and Event Store listens on it.

Is it possible?


Currently there doesn’t exist an option to disable insecure tcp, I just put up an issue for it.