When I connect to Domino on port 2050 in Chrome I found Funny things file with the extension .file get automatically downloaded.
When use chrome I see
When used Firefox I see as below:

I've reproduced this with both Firefox and Chrome. In Firefox, it tries to display the data that has come back in the browser window itself. It
tries it's best to show the data as five boxes and a diamond with a question mark inside of it. Chrome on the other hand saves this
non-HTML data as a download. Looking at that file with a hex editor I can see the following data:
0x15 0x03 0x01 0x00 0x02 0x02 0x0a
If you look carefully at the boxes in Firefox, you can see these numbers in the boxes. As there is no Unicode character for these locations, it
shows the box with the numbers in it.
"While this looks odd, it is not a security issue. When the browser connects to port 2050 and sends an HTTP request over a non-secure connection,
the server is responding with the following byte sequence because the server was expecting a TLS Client Hello message:
0x15 0x03 0x01 0x00 0x02 0x02 0x0A
The SSL/TLS RFCs specify that a close_notify alert message is sent on a TLS channel when closing the connection. This lets us know why the
connection was closed. That is what this byte sequence is, essentially the TLS layer saying 'didnt understand?'. After sending this data the connection is
closed by the server and no other data is sent/exposed. The Java console will only allow connections via TLS 1.2 and only provides two
very high security protocols for the other end to choose from.
Here is what the byte sequence returned to the browser means:
Byte 0x15 This is a TLS Alert
Bytes 0x03 0x01 TLS v1.0, lowest common denonomator since we did not
receive a TLS Client Hello
Bytes 0x00 0x02 Length of payload (hard coded to 2)
Byte 0x02 Alert Level Fatal (no recovery)
Byte 0xA Unexpected message - received an HTTP request which
is not a valid TLS Client Hello
To understand the alert protocol, you can review this Wikipedia entry:
https://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol
If you instead sent your browser to connect on Https
https://server.com:2050
You will get something (at least in Firefox) that looks disturbing. Firefox complains about the site's security! However, if you go further
into the error message, you see the real problem is that there are no cipher suites in common. That only means that Firefox does not
currently support these two ciphers. It does not mean the connection is in any way insecure when used by the Java console.
Full list of cipher suites supported by the java Console
We use the following two ciphers for the Java console (the beginning SSL can also be TLS, no difference, same cipher)
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL_RSA_WITH_AES_256_GCM_SHA384
The cipher to be used is chosen in that order, and as we control both sides, this means that in practice, the chosen cipher will be the first
one offered (as both sides know this cipher):
SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA38