Perhaps some server can handle both non-secure and secure protocols. Is there a known way to determine if an existing TCP connection is secure or not?

(I believe it is possible to just monitor traffic and check if some text is readable, but maybe there are better or more detailed suggestions?)

+1  A: 

If you're using .NET you can use an existing TCP connection as the basis for an SSL connection. To programmatically check whether a server port implements SSL would be a matter of establishing a TCP connection and then attempting to create an SSL connection on top of it. If the SSL handshake fails, which will throw an exception, then you will know SSL is not available on that port.

The code would be along the lines of:

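using System.Net.Security;
using System.Net.Sockets;

TcpClient tcpClient = new TcpClient();
tcpClient.Connect(remoteEndPoint);  // plain TCP connection first
// ValidateServerCertificate is the caller's own certificate validation callback.
SslStream sslStream = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
sslStream.AuthenticateAsClient(serverCN);  // throws if the SSL handshake fails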

Exception means no SSL.

sipwiz
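
The traffic-monitoring idea raised in the question can be made more precise than "is the text readable": a TLS session opens with a handshake record that has a fixed 5-byte header. The following is an added example, not part of the original question or answer; the function name, constants and sample byte strings are constructed for illustration.

```python
import struct

# TLS record header: content type (1 byte), legacy version (2 bytes), length (2 bytes).
HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
MAX_PLAINTEXT_RECORD = 2 ** 14  # largest fragment allowed in an unencrypted record

# Constructed sample captures: the first bytes seen in one direction of a stream.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(16)
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
OPAQUE = bytes(range(0x80, 0x90))


def classify_first_bytes(data: bytes) -> str:
    """Return "tls", "plaintext" or "unknown" for the start of a TCP stream."""
    if len(data) < 6:
        return "unknown"  # not enough bytes for a record header plus handshake type
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype == HANDSHAKE and major == 3 and minor <= 4
            and 0 < length <= MAX_PLAINTEXT_RECORD
            and data[5] in (CLIENT_HELLO, SERVER_HELLO)):
        return "tls"
    # Fallback, as the question suggests: mostly printable ASCII means cleartext.
    sample = data[:64]
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in sample)
    return "plaintext" if printable / len(sample) >= 0.9 else "unknown"


if __name__ == "__main__":
    for name, blob in (("TLS_HELLO", TLS_HELLO), ("HTTP_GET", HTTP_GET), ("OPAQUE", OPAQUE)):
        print(name, classify_first_bytes(blob))
```

This only tells you how a connection began: protocols that upgrade in-band with STARTTLS open in cleartext and switch to TLS later, so the same header check has to be applied at the point of upgrade as well.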