httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on https
Date Wed, 18 Apr 2012 09:56:52 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50823

--- Comment #7 from otheus <otheus+opensource@gmail.com> 2012-04-18 09:56:52 UTC ---
Thanks, Stefan.

Perhaps I'm confused, but all this patch does is add a CRLF so that an inline
  ErrorDocument 400 "HTTP/1.1 400 You requested a non-SSL resource from an SSL service"
will actually be usable by conforming clients.

Further, the line:
  "GET / HTTP/1.0" CRLF
muddies the waters. Perhaps I don't understand the context that line is used
in, but it seems to me that matches an input string from the client. I don't
think that's at issue here.

To clarify:

From a standards standpoint, I think it's absolutely incorrect to allow a port
configured for SSL (SSLEngine = "on") to operate in any other way. An HTTP
request should simply be closed, period. (If SSLEngine = "optional", then the
server should act like a normal HTTP/1.1 server until the upgrade handshake is
initiated.)

Excepting that, the response should be one of 400 or 426. Maybe this should be
user-configurable, but I think it matters not. Even a hardcoded response of 400
or 426 is better than what is there now. One possibly desirable behavior would
be a redirect (301).

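The failure modes discussed in the comment above (close the connection, 400, 426, or a 301 redirect), as an added Python example that is not part of the original message and is not Apache httpd code. The function names, the server name `www.example.test` and the response body are assumptions made for illustration; the 426 header values follow the example in RFC 2817.

```python
# Added example; not Apache httpd code. All names here are hypothetical.
CRLF = b"\r\n"
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT", b"PATCH"}

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes read on a TLS-only port."""
    # A TLS connection opens with a handshake record: type 0x16, major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # A cleartext HTTP request opens with a method token followed by a space.
    if data.partition(b" ")[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def plaintext_response(mode: str, server_name: str = "www.example.test") -> bytes:
    """Build the cleartext reply for modes 'close', '400', '426' or '301'."""
    if mode == "close":
        return b""                      # send nothing, just drop the connection
    body = b"This port accepts HTTPS only.\n"
    if mode == "400":
        status, extra = b"400 Bad Request", [b"Connection: close"]
    elif mode == "426":
        # Header values follow the 426 example in RFC 2817.
        status, extra = b"426 Upgrade Required", [b"Upgrade: TLS/1.0, HTTP/1.1",
                                                  b"Connection: Upgrade"]
    elif mode == "301":
        # Redirect target comes from configuration, never from the client's
        # Host header or request path, so the reply reflects no client input.
        location = b"Location: https://" + server_name.encode("ascii") + b"/"
        status, extra = b"301 Moved Permanently", [location, b"Connection: close"]
    else:
        raise ValueError("unknown failure mode: " + mode)
    head = [b"HTTP/1.1 " + status, b"Content-Type: text/plain",
            b"Content-Length: " + str(len(body)).encode("ascii")] + extra
    # Every header line ends in CRLF and an empty line ends the header block.
    return CRLF.join(head) + CRLF + CRLF + body

def reply_for(first_bytes: bytes, mode: str):
    """Return None to continue with TLS, or the bytes to send before closing."""
    kind = classify_first_bytes(first_bytes)
    if kind == "tls":
        return None
    if kind == "unknown":
        return b""                      # neither TLS nor HTTP: close silently
    return plaintext_response(mode)

if __name__ == "__main__":
    sample = b"GET / HTTP/1.0\r\n\r\n"  # constructed sample request
    for m in ("close", "400", "426", "301"):
        print(m, reply_for(sample, m))
```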