CASSANDRA-9590 (Support for both encrypted and unencrypted native transport connections) was implemented before CASSANDRA-10559 (Support encrypted and plain traffic on the same port), but both been available since 3.0.
On 9590, STARTTLS was considered, but rejected due to the changes that would be required to support it from all drivers. But the current server implementation doesn't require STARTTLS: the client is expected to send the first message over the connection, so the server can just check if that message is encrypted <https://github.com/netty/netty/blob/5d452bc8673721b3caa44c727785e7327ac860b5/handler/src/main/java/io/netty/handler/ssl/SslHandler.java#L1289>, and then enable the Netty pipeline's SslHandler <https://github.com/apache/cassandra/blob/1a971dab7ee91a610d037b97ff5808cda7ed0b25/src/java/org/apache/cassandra/transport/PipelineConfigurator.java#L186>. The implementation in 10559 is compatible with existing clients, and is already used widely. Are there any reasons for users to stick with dual-native-port rather than a single port that supports both encrypted and unencrypted traffic?
